diff --git a/JavaScriptCore-ObjC_Bridge.zip b/JavaScriptCore-ObjC_Bridge.zip new file mode 100644 index 00000000..e28fba97 Binary files /dev/null and b/JavaScriptCore-ObjC_Bridge.zip differ diff --git a/JavaScriptCore/API/APICallbackFunction.h b/JavaScriptCore/API/APICallbackFunction.h new file mode 100755 index 00000000..683b6389 --- /dev/null +++ b/JavaScriptCore/API/APICallbackFunction.h @@ -0,0 +1,72 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef APICallbackFunction_h +#define APICallbackFunction_h + +#include "APICast.h" +#include "APIShims.h" +#include "Error.h" +#include + +namespace JSC { + +struct APICallbackFunction { + +template static EncodedJSValue JSC_HOST_CALL call(ExecState*); + +}; + +template +EncodedJSValue JSC_HOST_CALL APICallbackFunction::call(ExecState* exec) +{ + JSContextRef execRef = toRef(exec); + JSObjectRef functionRef = toRef(exec->callee()); + JSObjectRef thisObjRef = toRef(jsCast(exec->hostThisValue().toThis(exec, NotStrictMode))); + + int argumentCount = static_cast(exec->argumentCount()); + Vector arguments; + arguments.reserveInitialCapacity(argumentCount); + for (int i = 0; i < argumentCount; i++) + arguments.uncheckedAppend(toRef(exec, exec->argument(i))); + + JSValueRef exception = 0; + JSValueRef result; + { + APICallbackShim callbackShim(exec); + result = jsCast(toJS(functionRef))->m_callback(execRef, functionRef, thisObjRef, argumentCount, arguments.data(), &exception); + } + if (exception) + exec->vm().throwException(exec, toJS(exec, exception)); + + // result must be a valid JSValue. + if (!result) + return JSValue::encode(jsUndefined()); + + return JSValue::encode(toJS(exec, result)); +} +} // namespace JSC + +#endif // APICallbackFunction_h diff --git a/JavaScriptCore/API/APICast.h b/JavaScriptCore/API/APICast.h old mode 100644 new mode 100755 index f019a7a4..fc5d71b2 --- a/JavaScriptCore/API/APICast.h +++ b/JavaScriptCore/API/APICast.h @@ -27,14 +27,13 @@ #define APICast_h #include "JSAPIValueWrapper.h" +#include "JSCJSValue.h" #include "JSGlobalObject.h" -#include "JSValue.h" -#include namespace JSC { class ExecState; class PropertyNameArray; - class JSGlobalData; + class VM; class JSObject; class JSValue; } @@ -63,46 +62,63 @@ inline JSC::ExecState* toJS(JSGlobalContextRef c) inline JSC::JSValue toJS(JSC::ExecState* exec, JSValueRef v) { ASSERT_UNUSED(exec, exec); - ASSERT(v); #if USE(JSVALUE32_64) JSC::JSCell* jsCell = reinterpret_cast(const_cast(v)); if (!jsCell) - return JSC::JSValue(); + return JSC::jsNull(); + JSC::JSValue result; if (jsCell->isAPIValueWrapper()) - return JSC::jsCast(jsCell)->value(); - return jsCell; + result = JSC::jsCast(jsCell)->value(); + else + result = jsCell; #else - return JSC::JSValue::decode(reinterpret_cast(const_cast(v))); + JSC::JSValue result = JSC::JSValue::decode(reinterpret_cast(const_cast(v))); #endif + if (!result) + return JSC::jsNull(); + if (result.isCell()) + RELEASE_ASSERT(result.asCell()->methodTable()); + return result; } inline JSC::JSValue toJSForGC(JSC::ExecState* exec, JSValueRef v) { ASSERT_UNUSED(exec, exec); - ASSERT(v); #if USE(JSVALUE32_64) JSC::JSCell* jsCell = reinterpret_cast(const_cast(v)); if (!jsCell) return JSC::JSValue(); - return jsCell; + JSC::JSValue result = jsCell; #else - return JSC::JSValue::decode(reinterpret_cast(const_cast(v))); + JSC::JSValue result = JSC::JSValue::decode(reinterpret_cast(const_cast(v))); #endif + if (result && result.isCell()) + RELEASE_ASSERT(result.asCell()->methodTable()); + return result; } -inline JSC::JSObject* toJS(JSObjectRef o) +// Used in JSObjectGetPrivate as that may be called during finalization +inline JSC::JSObject* uncheckedToJS(JSObjectRef o) { return reinterpret_cast(o); } +inline JSC::JSObject* toJS(JSObjectRef o) +{ + JSC::JSObject* object = uncheckedToJS(o); + if (object) + RELEASE_ASSERT(object->methodTable()); + return object; +} + inline JSC::PropertyNameArray* toJS(JSPropertyNameAccumulatorRef a) { return reinterpret_cast(a); } -inline JSC::JSGlobalData* toJS(JSContextGroupRef g) +inline JSC::VM* toJS(JSContextGroupRef g) { - return reinterpret_cast(const_cast(g)); + return reinterpret_cast(const_cast(g)); } inline JSValueRef toRef(JSC::ExecState* exec, JSC::JSValue v) @@ -145,7 +161,7 @@ inline JSPropertyNameAccumulatorRef toRef(JSC::PropertyNameArray* l) return reinterpret_cast(l); } -inline JSContextGroupRef toRef(JSC::JSGlobalData* g) +inline JSContextGroupRef toRef(JSC::VM* g) { return reinterpret_cast(g); } diff --git a/JavaScriptCore/API/APIShims.h b/JavaScriptCore/API/APIShims.h old mode 100644 new mode 100755 index e1589f6a..c57693ed --- a/JavaScriptCore/API/APIShims.h +++ b/JavaScriptCore/API/APIShims.h @@ -28,39 +28,29 @@ #include "CallFrame.h" #include "GCActivityCallback.h" +#include "IncrementalSweeper.h" #include "JSLock.h" #include namespace JSC { class APIEntryShimWithoutLock { -public: - enum RefGlobalDataTag { DontRefGlobalData = 0, RefGlobalData }; - protected: - APIEntryShimWithoutLock(JSGlobalData* globalData, bool registerThread, RefGlobalDataTag shouldRefGlobalData) - : m_shouldRefGlobalData(shouldRefGlobalData) - , m_globalData(globalData) - , m_entryIdentifierTable(wtfThreadData().setCurrentIdentifierTable(globalData->identifierTable)) + APIEntryShimWithoutLock(VM* vm, bool registerThread) + : m_vm(vm) + , m_entryIdentifierTable(wtfThreadData().setCurrentIdentifierTable(vm->identifierTable)) { - if (shouldRefGlobalData) - m_globalData->ref(); - UNUSED_PARAM(registerThread); if (registerThread) - globalData->heap.machineThreads().addCurrentThread(); - m_globalData->heap.activityCallback()->synchronize(); + vm->heap.machineThreads().addCurrentThread(); } ~APIEntryShimWithoutLock() { wtfThreadData().setCurrentIdentifierTable(m_entryIdentifierTable); - if (m_shouldRefGlobalData) - m_globalData->deref(); } protected: - RefGlobalDataTag m_shouldRefGlobalData; - JSGlobalData* m_globalData; + RefPtr m_vm; IdentifierTable* m_entryIdentifierTable; }; @@ -68,57 +58,45 @@ class APIEntryShim : public APIEntryShimWithoutLock { public: // Normal API entry APIEntryShim(ExecState* exec, bool registerThread = true) - : APIEntryShimWithoutLock(&exec->globalData(), registerThread, RefGlobalData) + : APIEntryShimWithoutLock(&exec->vm(), registerThread) + , m_lockHolder(exec->vm().exclusiveThread ? 0 : exec) { - init(); } - // This constructor is necessary for HeapTimer to prevent it from accidentally resurrecting - // the ref count of a "dead" JSGlobalData. - APIEntryShim(JSGlobalData* globalData, RefGlobalDataTag refGlobalData, bool registerThread = true) - : APIEntryShimWithoutLock(globalData, registerThread, refGlobalData) + // JSPropertyNameAccumulator only has a vm. + APIEntryShim(VM* vm, bool registerThread = true) + : APIEntryShimWithoutLock(vm, registerThread) + , m_lockHolder(vm->exclusiveThread ? 0 : vm) { - init(); - } - - // JSPropertyNameAccumulator only has a globalData. - APIEntryShim(JSGlobalData* globalData, bool registerThread = true) - : APIEntryShimWithoutLock(globalData, registerThread, RefGlobalData) - { - init(); } ~APIEntryShim() { - m_globalData->timeoutChecker.stop(); - m_globalData->apiLock().unlock(); + // Destroying our JSLockHolder should also destroy the VM. + m_vm.clear(); } private: - void init() - { - m_globalData->apiLock().lock(); - m_globalData->timeoutChecker.start(); - } + JSLockHolder m_lockHolder; }; class APICallbackShim { public: APICallbackShim(ExecState* exec) - : m_dropAllLocks(exec) - , m_globalData(&exec->globalData()) + : m_dropAllLocks(exec->vm().exclusiveThread ? 0 : exec) + , m_vm(&exec->vm()) { wtfThreadData().resetCurrentIdentifierTable(); } ~APICallbackShim() { - wtfThreadData().setCurrentIdentifierTable(m_globalData->identifierTable); + wtfThreadData().setCurrentIdentifierTable(m_vm->identifierTable); } private: JSLock::DropAllLocks m_dropAllLocks; - JSGlobalData* m_globalData; + VM* m_vm; }; } diff --git a/JavaScriptCore/API/JSAPIWrapperObject.h b/JavaScriptCore/API/JSAPIWrapperObject.h new file mode 100755 index 00000000..90903977 --- /dev/null +++ b/JavaScriptCore/API/JSAPIWrapperObject.h @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSAPIWrapperObject_h +#define JSAPIWrapperObject_h + +#include "JSBase.h" +#include "JSDestructibleObject.h" +#include "WeakReferenceHarvester.h" + +#if JSC_OBJC_API_ENABLED + +namespace JSC { + +class JSAPIWrapperObject : public JSDestructibleObject { +public: + typedef JSDestructibleObject Base; + + void finishCreation(VM&); + static void visitChildren(JSCell*, JSC::SlotVisitor&); + + void* wrappedObject() { return m_wrappedObject; } + void setWrappedObject(void*); + +protected: + static const unsigned StructureFlags = OverridesVisitChildren | Base::StructureFlags; + + JSAPIWrapperObject(VM&, Structure*); + +private: + void* m_wrappedObject; +}; + +} // namespace JSC + +#endif // JSC_OBJC_API_ENABLED + +#endif // JSAPIWrapperObject_h diff --git a/JavaScriptCore/API/JSAPIWrapperObject.mm b/JavaScriptCore/API/JSAPIWrapperObject.mm new file mode 100755 index 00000000..c06de397 --- /dev/null +++ b/JavaScriptCore/API/JSAPIWrapperObject.mm @@ -0,0 +1,112 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#include "JSAPIWrapperObject.h" + +#include "JSCJSValueInlines.h" +#include "JSCallbackObject.h" +#include "JSCellInlines.h" +#include "JSVirtualMachineInternal.h" +#include "SlotVisitorInlines.h" +#include "Structure.h" +#include "StructureInlines.h" + +#if JSC_OBJC_API_ENABLED + +class JSAPIWrapperObjectHandleOwner : public JSC::WeakHandleOwner { +public: + virtual void finalize(JSC::Handle, void*); + virtual bool isReachableFromOpaqueRoots(JSC::Handle, void* context, JSC::SlotVisitor&); +}; + +static JSAPIWrapperObjectHandleOwner* jsAPIWrapperObjectHandleOwner() +{ + DEFINE_STATIC_LOCAL(JSAPIWrapperObjectHandleOwner, jsWrapperObjectHandleOwner, ()); + return &jsWrapperObjectHandleOwner; +} + +void JSAPIWrapperObjectHandleOwner::finalize(JSC::Handle handle, void*) +{ + JSC::JSAPIWrapperObject* wrapperObject = JSC::jsCast(handle.get().asCell()); + if (!wrapperObject->wrappedObject()) + return; + [static_cast(wrapperObject->wrappedObject()) release]; + JSC::WeakSet::deallocate(JSC::WeakImpl::asWeakImpl(handle.slot())); +} + +bool JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots(JSC::Handle handle, void*, JSC::SlotVisitor& visitor) +{ + JSC::JSAPIWrapperObject* wrapperObject = JSC::jsCast(handle.get().asCell()); + // We use the JSGlobalObject when processing weak handles to prevent the situation where using + // the same Objective-C object in multiple global objects keeps all of the global objects alive. + if (!wrapperObject->wrappedObject()) + return false; + return JSC::Heap::isMarked(wrapperObject->structure()->globalObject()) && visitor.containsOpaqueRoot(wrapperObject->wrappedObject()); +} + +namespace JSC { + +template <> const ClassInfo JSCallbackObject::s_info = { "JSAPIWrapperObject", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(JSCallbackObject) }; + +template<> const bool JSCallbackObject::needsDestruction = true; + +template <> +Structure* JSCallbackObject::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto) +{ + return Structure::create(vm, globalObject, proto, TypeInfo(ObjectType, StructureFlags), &s_info); +} + +JSAPIWrapperObject::JSAPIWrapperObject(VM& vm, Structure* structure) + : Base(vm, structure) + , m_wrappedObject(0) +{ +} + +void JSAPIWrapperObject::finishCreation(VM& vm) +{ + Base::finishCreation(vm); + WeakSet::allocate(this, jsAPIWrapperObjectHandleOwner(), 0); // Balanced in JSAPIWrapperObjectHandleOwner::finalize. +} + +void JSAPIWrapperObject::setWrappedObject(void* wrappedObject) +{ + ASSERT(!m_wrappedObject); + m_wrappedObject = [static_cast(wrappedObject) retain]; +} + +void JSAPIWrapperObject::visitChildren(JSCell* cell, JSC::SlotVisitor& visitor) +{ + JSAPIWrapperObject* thisObject = JSC::jsCast(cell); + COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag); + Base::visitChildren(cell, visitor); + + if (thisObject->wrappedObject()) + scanExternalObjectGraph(cell->structure()->globalObject()->vm(), visitor, thisObject->wrappedObject()); +} + +} // namespace JSC + +#endif // JSC_OBJC_API_ENABLED diff --git a/JavaScriptCore/API/JSBase.cpp b/JavaScriptCore/API/JSBase.cpp old mode 100644 new mode 100755 index d0ffa311..7669ff1a --- a/JavaScriptCore/API/JSBase.cpp +++ b/JavaScriptCore/API/JSBase.cpp @@ -29,20 +29,25 @@ #include "APICast.h" #include "APIShims.h" +#include "CallFrame.h" +#include "Completion.h" +#include "InitializeThreading.h" +#include "JSGlobalObject.h" +#include "JSLock.h" +#include "JSObject.h" #include "OpaqueJSString.h" +#include "Operations.h" #include "SourceCode.h" -#include -#include -#include -#include -#include -#include #include using namespace JSC; JSValueRef JSEvaluateScript(JSContextRef ctx, JSStringRef script, JSObjectRef thisObject, JSStringRef sourceURL, int startingLineNumber, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -50,10 +55,10 @@ JSValueRef JSEvaluateScript(JSContextRef ctx, JSStringRef script, JSObjectRef th // evaluate sets "this" to the global object if it is NULL JSGlobalObject* globalObject = exec->dynamicGlobalObject(); - SourceCode source = makeSource(script->ustring(), sourceURL->ustring(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())); + SourceCode source = makeSource(script->string(), sourceURL->string(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())); JSValue evaluationException; - JSValue returnValue = evaluate(globalObject->globalExec(), globalObject->globalScopeChain(), source, jsThisObject, &evaluationException); + JSValue returnValue = evaluate(globalObject->globalExec(), source, jsThisObject, &evaluationException); if (evaluationException) { if (exception) @@ -70,10 +75,14 @@ JSValueRef JSEvaluateScript(JSContextRef ctx, JSStringRef script, JSObjectRef th bool JSCheckScriptSyntax(JSContextRef ctx, JSStringRef script, JSStringRef sourceURL, int startingLineNumber, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - SourceCode source = makeSource(script->ustring(), sourceURL->ustring(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())); + SourceCode source = makeSource(script->string(), sourceURL->string(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())); JSValue syntaxException; bool isValidSyntax = checkSyntax(exec->dynamicGlobalObject()->globalExec(), source, &syntaxException); @@ -100,12 +109,28 @@ void JSGarbageCollect(JSContextRef ctx) ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec, false); - exec->globalData().heap.reportAbandonedObjectGraph(); + exec->vm().heap.reportAbandonedObjectGraph(); } void JSReportExtraMemoryCost(JSContextRef ctx, size_t size) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return; + } + ExecState* exec = toJS(ctx); + APIEntryShim entryShim(exec); + exec->vm().heap.reportExtraMemoryCost(size); +} + +extern "C" JS_EXPORT void JSSynchronousGarbageCollectForDebugging(JSContextRef); + +void JSSynchronousGarbageCollectForDebugging(JSContextRef ctx) +{ + if (!ctx) + return; + ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - exec->globalData().heap.reportExtraMemoryCost(size); + exec->vm().heap.collectAllGarbage(); } diff --git a/JavaScriptCore/API/JSBase.h b/JavaScriptCore/API/JSBase.h old mode 100644 new mode 100755 index fed54fe2..50e8f1e6 --- a/JavaScriptCore/API/JSBase.h +++ b/JavaScriptCore/API/JSBase.h @@ -30,6 +30,10 @@ #include #endif +#ifdef __OBJC__ +#import +#endif + /* JavaScript engine interface */ /*! @typedef JSContextGroupRef A group that associates JavaScript contexts with one another. Contexts in the same group may share and exchange JavaScript objects. */ @@ -71,7 +75,7 @@ typedef struct OpaqueJSValue* JSObjectRef; #elif defined(__GNUC__) && !defined(__CC_ARM) && !defined(__ARMCC__) #define JS_EXPORT __attribute__((visibility("default"))) #elif defined(WIN32) || defined(_WIN32) || defined(_WIN32_WCE) || defined(__CC_ARM) || defined(__ARMCC__) -#if defined(BUILDING_JavaScriptCore) || defined(BUILDING_WTF) +#if defined(BUILDING_JavaScriptCore) || defined(STATICALLY_LINKED_WITH_JavaScriptCore) #define JS_EXPORT __declspec(dllexport) #else #define JS_EXPORT __declspec(dllimport) @@ -135,4 +139,9 @@ JS_EXPORT void JSGarbageCollect(JSContextRef ctx); } #endif +/* Enable the Objective-C API for platforms with a modern runtime. */ +#if !defined(JSC_OBJC_API_ENABLED) +#define JSC_OBJC_API_ENABLED (defined(__clang__) && defined(__APPLE__) && defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090 && !defined(__i386__)) +#endif + #endif /* JSBase_h */ diff --git a/JavaScriptCore/API/JSBasePrivate.h b/JavaScriptCore/API/JSBasePrivate.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSCTestRunnerUtils.cpp b/JavaScriptCore/API/JSCTestRunnerUtils.cpp new file mode 100755 index 00000000..9c067f23 --- /dev/null +++ b/JavaScriptCore/API/JSCTestRunnerUtils.cpp @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#include "JSCTestRunnerUtils.h" + +#include "APICast.h" +#include "CodeBlock.h" +#include "Operations.h" + +namespace JSC { + +static FunctionExecutable* getExecutable(JSContextRef context, JSValueRef theFunctionValueRef) +{ + ExecState* exec = toJS(context); + JSValue theFunctionValue = toJS(exec, theFunctionValueRef); + + JSFunction* theFunction = jsDynamicCast(theFunctionValue); + if (!theFunction) + return 0; + + FunctionExecutable* executable = jsDynamicCast( + theFunction->executable()); + return executable; +} + +JSValueRef numberOfDFGCompiles(JSContextRef context, JSValueRef theFunctionValueRef) +{ + bool pretendToHaveManyCompiles = false; +#if ENABLE(DFG_JIT) + if (!Options::useJIT() || !Options::useDFGJIT()) + pretendToHaveManyCompiles = true; +#else + pretendToHaveManyCompiles = true; +#endif + + if (FunctionExecutable* executable = getExecutable(context, theFunctionValueRef)) { + CodeBlock* baselineCodeBlock = executable->baselineCodeBlockFor(CodeForCall); + + if (!baselineCodeBlock) + return JSValueMakeNumber(context, 0); + + if (pretendToHaveManyCompiles) + return JSValueMakeNumber(context, 1000000.0); + return JSValueMakeNumber(context, baselineCodeBlock->numberOfDFGCompiles()); + } + + return JSValueMakeUndefined(context); +} + +JSValueRef setNeverInline(JSContextRef context, JSValueRef theFunctionValueRef) +{ + if (FunctionExecutable* executable = getExecutable(context, theFunctionValueRef)) + executable->setNeverInline(true); + + return JSValueMakeUndefined(context); +} + +} // namespace JSC + diff --git a/JavaScriptCore/API/JSCTestRunnerUtils.h b/JavaScriptCore/API/JSCTestRunnerUtils.h new file mode 100755 index 00000000..aaecdd5c --- /dev/null +++ b/JavaScriptCore/API/JSCTestRunnerUtils.h @@ -0,0 +1,39 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSCTestRunnerUtils_h +#define JSCTestRunnerUtils_h + +#include +#include + +namespace JSC { + +JS_EXPORT_PRIVATE JSValueRef numberOfDFGCompiles(JSContextRef, JSValueRef theFunction); +JS_EXPORT_PRIVATE JSValueRef setNeverInline(JSContextRef, JSValueRef theFunction); + +} // namespace JSC + +#endif // JSCTestRunnerUtils_h diff --git a/JavaScriptCore/API/JSCallbackConstructor.cpp b/JavaScriptCore/API/JSCallbackConstructor.cpp old mode 100644 new mode 100755 index c8b4c065..371d583a --- a/JavaScriptCore/API/JSCallbackConstructor.cpp +++ b/JavaScriptCore/API/JSCallbackConstructor.cpp @@ -28,18 +28,19 @@ #include "APIShims.h" #include "APICast.h" -#include -#include -#include -#include +#include "Error.h" +#include "JSGlobalObject.h" +#include "JSLock.h" +#include "ObjectPrototype.h" +#include "Operations.h" #include namespace JSC { -const ClassInfo JSCallbackConstructor::s_info = { "CallbackConstructor", &JSNonFinalObject::s_info, 0, 0, CREATE_METHOD_TABLE(JSCallbackConstructor) }; +const ClassInfo JSCallbackConstructor::s_info = { "CallbackConstructor", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(JSCallbackConstructor) }; JSCallbackConstructor::JSCallbackConstructor(JSGlobalObject* globalObject, Structure* structure, JSClassRef jsClass, JSObjectCallAsConstructorCallback callback) - : JSNonFinalObject(globalObject->globalData(), structure) + : JSDestructibleObject(globalObject->vm(), structure) , m_class(jsClass) , m_callback(callback) { @@ -47,8 +48,8 @@ JSCallbackConstructor::JSCallbackConstructor(JSGlobalObject* globalObject, Struc void JSCallbackConstructor::finishCreation(JSGlobalObject* globalObject, JSClassRef jsClass) { - Base::finishCreation(globalObject->globalData()); - ASSERT(inherits(&s_info)); + Base::finishCreation(globalObject->vm()); + ASSERT(inherits(info())); if (m_class) JSClassRetain(jsClass); } @@ -61,7 +62,7 @@ JSCallbackConstructor::~JSCallbackConstructor() void JSCallbackConstructor::destroy(JSCell* cell) { - jsCast(cell)->JSCallbackConstructor::~JSCallbackConstructor(); + static_cast(cell)->JSCallbackConstructor::~JSCallbackConstructor(); } static EncodedJSValue JSC_HOST_CALL constructJSCallback(ExecState* exec) @@ -72,10 +73,11 @@ static EncodedJSValue JSC_HOST_CALL constructJSCallback(ExecState* exec) JSObjectCallAsConstructorCallback callback = jsCast(constructor)->callback(); if (callback) { - int argumentCount = static_cast(exec->argumentCount()); - Vector arguments(argumentCount); - for (int i = 0; i < argumentCount; i++) - arguments[i] = toRef(exec, exec->argument(i)); + size_t argumentCount = exec->argumentCount(); + Vector arguments; + arguments.reserveInitialCapacity(argumentCount); + for (size_t i = 0; i < argumentCount; ++i) + arguments.uncheckedAppend(toRef(exec, exec->argument(i))); JSValueRef exception = 0; JSObjectRef result; @@ -84,7 +86,7 @@ static EncodedJSValue JSC_HOST_CALL constructJSCallback(ExecState* exec) result = callback(ctx, constructorRef, argumentCount, arguments.data(), &exception); } if (exception) - throwError(exec, toJS(exec, exception)); + exec->vm().throwException(exec, toJS(exec, exception)); // result must be a valid JSValue. if (!result) return throwVMTypeError(exec); diff --git a/JavaScriptCore/API/JSCallbackConstructor.h b/JavaScriptCore/API/JSCallbackConstructor.h old mode 100644 new mode 100755 index 25fde132..13505228 --- a/JavaScriptCore/API/JSCallbackConstructor.h +++ b/JavaScriptCore/API/JSCallbackConstructor.h @@ -27,13 +27,13 @@ #define JSCallbackConstructor_h #include "JSObjectRef.h" -#include +#include "runtime/JSDestructibleObject.h" namespace JSC { -class JSCallbackConstructor : public JSNonFinalObject { +class JSCallbackConstructor : public JSDestructibleObject { public: - typedef JSNonFinalObject Base; + typedef JSDestructibleObject Base; static JSCallbackConstructor* create(ExecState* exec, JSGlobalObject* globalObject, Structure* structure, JSClassRef classRef, JSObjectCallAsConstructorCallback callback) { @@ -46,11 +46,11 @@ class JSCallbackConstructor : public JSNonFinalObject { static void destroy(JSCell*); JSClassRef classRef() const { return m_class; } JSObjectCallAsConstructorCallback callback() const { return m_callback; } - static const ClassInfo s_info; + DECLARE_INFO; - static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto) + static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto) { - return Structure::create(globalData, globalObject, proto, TypeInfo(ObjectType, StructureFlags), &s_info); + return Structure::create(vm, globalObject, proto, TypeInfo(ObjectType, StructureFlags), info()); } protected: diff --git a/JavaScriptCore/API/JSCallbackFunction.cpp b/JavaScriptCore/API/JSCallbackFunction.cpp old mode 100644 new mode 100755 index d287ab77..a5ffe0a4 --- a/JavaScriptCore/API/JSCallbackFunction.cpp +++ b/JavaScriptCore/API/JSCallbackFunction.cpp @@ -26,65 +26,47 @@ #include "config.h" #include "JSCallbackFunction.h" -#include "APIShims.h" +#include "APICallbackFunction.h" #include "APICast.h" +#include "APIShims.h" #include "CodeBlock.h" +#include "Error.h" #include "ExceptionHelpers.h" -#include "JSFunction.h" #include "FunctionPrototype.h" -#include -#include +#include "JSFunction.h" +#include "JSGlobalObject.h" +#include "JSLock.h" +#include "Operations.h" #include namespace JSC { -ASSERT_CLASS_FITS_IN_CELL(JSCallbackFunction); ASSERT_HAS_TRIVIAL_DESTRUCTOR(JSCallbackFunction); const ClassInfo JSCallbackFunction::s_info = { "CallbackFunction", &InternalFunction::s_info, 0, 0, CREATE_METHOD_TABLE(JSCallbackFunction) }; -JSCallbackFunction::JSCallbackFunction(JSGlobalObject* globalObject, JSObjectCallAsFunctionCallback callback) - : InternalFunction(globalObject, globalObject->callbackFunctionStructure()) +JSCallbackFunction::JSCallbackFunction(JSGlobalObject* globalObject, Structure* structure, JSObjectCallAsFunctionCallback callback) + : InternalFunction(globalObject, structure) , m_callback(callback) { } -void JSCallbackFunction::finishCreation(JSGlobalData& globalData, const Identifier& name) +void JSCallbackFunction::finishCreation(VM& vm, const String& name) { - Base::finishCreation(globalData, name); - ASSERT(inherits(&s_info)); + Base::finishCreation(vm, name); + ASSERT(inherits(info())); } -EncodedJSValue JSCallbackFunction::call(ExecState* exec) +JSCallbackFunction* JSCallbackFunction::create(ExecState* exec, JSGlobalObject* globalObject, JSObjectCallAsFunctionCallback callback, const String& name) { - JSContextRef execRef = toRef(exec); - JSObjectRef functionRef = toRef(exec->callee()); - JSObjectRef thisObjRef = toRef(exec->hostThisValue().toThisObject(exec)); - - int argumentCount = static_cast(exec->argumentCount()); - Vector arguments(argumentCount); - for (int i = 0; i < argumentCount; i++) - arguments[i] = toRef(exec, exec->argument(i)); - - JSValueRef exception = 0; - JSValueRef result; - { - APICallbackShim callbackShim(exec); - result = jsCast(toJS(functionRef))->m_callback(execRef, functionRef, thisObjRef, argumentCount, arguments.data(), &exception); - } - if (exception) - throwError(exec, toJS(exec, exception)); - - // result must be a valid JSValue. - if (!result) - return JSValue::encode(jsUndefined()); - - return JSValue::encode(toJS(exec, result)); + JSCallbackFunction* function = new (NotNull, allocateCell(*exec->heap())) JSCallbackFunction(globalObject, globalObject->callbackFunctionStructure(), callback); + function->finishCreation(exec->vm(), name); + return function; } CallType JSCallbackFunction::getCallData(JSCell*, CallData& callData) { - callData.native.function = call; + callData.native.function = APICallbackFunction::call; return CallTypeHost; } diff --git a/JavaScriptCore/API/JSCallbackFunction.h b/JavaScriptCore/API/JSCallbackFunction.h old mode 100644 new mode 100755 index fec4136f..db49511b --- a/JavaScriptCore/API/JSCallbackFunction.h +++ b/JavaScriptCore/API/JSCallbackFunction.h @@ -32,33 +32,26 @@ namespace JSC { class JSCallbackFunction : public InternalFunction { -protected: - JSCallbackFunction(JSGlobalObject*, JSObjectCallAsFunctionCallback); - void finishCreation(JSGlobalData&, const Identifier& name); - + friend struct APICallbackFunction; public: typedef InternalFunction Base; - static JSCallbackFunction* create(ExecState* exec, JSGlobalObject* globalObject, JSObjectCallAsFunctionCallback callback, const Identifier& name) - { - JSCallbackFunction* function = new (NotNull, allocateCell(*exec->heap())) JSCallbackFunction(globalObject, callback); - function->finishCreation(exec->globalData(), name); - return function; - } + static JSCallbackFunction* create(ExecState*, JSGlobalObject*, JSObjectCallAsFunctionCallback, const String& name); - static const ClassInfo s_info; + DECLARE_INFO; // InternalFunction mish-mashes constructor and function behavior -- we should // refactor the code so this override isn't necessary - static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto) + static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto) { - return Structure::create(globalData, globalObject, proto, TypeInfo(ObjectType, StructureFlags), &s_info); + return Structure::create(vm, globalObject, proto, TypeInfo(ObjectType, StructureFlags), info()); } private: - static CallType getCallData(JSCell*, CallData&); + JSCallbackFunction(JSGlobalObject*, Structure*, JSObjectCallAsFunctionCallback); + void finishCreation(VM&, const String& name); - static EncodedJSValue JSC_HOST_CALL call(ExecState*); + static CallType getCallData(JSCell*, CallData&); JSObjectCallAsFunctionCallback m_callback; }; diff --git a/JavaScriptCore/API/JSCallbackObject.cpp b/JavaScriptCore/API/JSCallbackObject.cpp old mode 100644 new mode 100755 index 68c26824..d0af925d --- a/JavaScriptCore/API/JSCallbackObject.cpp +++ b/JavaScriptCore/API/JSCallbackObject.cpp @@ -28,39 +28,43 @@ #include "JSCallbackObject.h" #include "Heap.h" +#include "Operations.h" #include namespace JSC { -ASSERT_CLASS_FITS_IN_CELL(JSCallbackObject); -ASSERT_CLASS_FITS_IN_CELL(JSCallbackObject); - // Define the two types of JSCallbackObjects we support. -template <> const ClassInfo JSCallbackObject::s_info = { "CallbackObject", &JSNonFinalObject::s_info, 0, 0, CREATE_METHOD_TABLE(JSCallbackObject) }; -template <> const ClassInfo JSCallbackObject::s_info = { "CallbackGlobalObject", &JSGlobalObject::s_info, 0, 0, CREATE_METHOD_TABLE(JSCallbackObject) }; +template <> const ClassInfo JSCallbackObject::s_info = { "CallbackObject", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(JSCallbackObject) }; +template <> const ClassInfo JSCallbackObject::s_info = { "CallbackGlobalObject", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(JSCallbackObject) }; + +template<> const bool JSCallbackObject::needsDestruction = true; +template<> const bool JSCallbackObject::needsDestruction = false; + +template<> +JSCallbackObject* JSCallbackObject::create(VM& vm, JSClassRef classRef, Structure* structure) +{ + JSCallbackObject* callbackObject = new (NotNull, allocateCell >(vm.heap)) JSCallbackObject(vm, classRef, structure); + callbackObject->finishCreation(vm); + vm.heap.addFinalizer(callbackObject, destroy); + return callbackObject; +} template <> -Structure* JSCallbackObject::createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto) +Structure* JSCallbackObject::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto) { - return Structure::create(globalData, globalObject, proto, TypeInfo(ObjectType, StructureFlags), &s_info); + return Structure::create(vm, globalObject, proto, TypeInfo(ObjectType, StructureFlags), info()); } template <> -Structure* JSCallbackObject::createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto) +Structure* JSCallbackObject::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto) { - return Structure::create(globalData, globalObject, proto, TypeInfo(GlobalObjectType, StructureFlags), &s_info); -} - -template -void JSCallbackObject::destroy(JSCell* cell) -{ - jsCast(cell)->JSCallbackObject::~JSCallbackObject(); + return Structure::create(vm, globalObject, proto, TypeInfo(GlobalObjectType, StructureFlags), info()); } void JSCallbackObjectData::finalize(Handle handle, void* context) { JSClassRef jsClass = static_cast(context); - JSObjectRef thisRef = toRef(asObject(handle.get())); + JSObjectRef thisRef = toRef(static_cast(handle.get().asCell())); for (; jsClass; jsClass = jsClass->parentClass) if (JSObjectFinalizeCallback finalize = jsClass->finalize) diff --git a/JavaScriptCore/API/JSCallbackObject.h b/JavaScriptCore/API/JSCallbackObject.h old mode 100644 new mode 100755 index 9aca0c7e..9d366855 --- a/JavaScriptCore/API/JSCallbackObject.h +++ b/JavaScriptCore/API/JSCallbackObject.h @@ -54,11 +54,11 @@ struct JSCallbackObjectData : WeakHandleOwner { return m_privateProperties->getPrivateProperty(propertyName); } - void setPrivateProperty(JSGlobalData& globalData, JSCell* owner, const Identifier& propertyName, JSValue value) + void setPrivateProperty(VM& vm, JSCell* owner, const Identifier& propertyName, JSValue value) { if (!m_privateProperties) m_privateProperties = adoptPtr(new JSPrivatePropertyMap); - m_privateProperties->setPrivateProperty(globalData, owner, propertyName, value); + m_privateProperties->setPrivateProperty(vm, owner, propertyName, value); } void deletePrivateProperty(const Identifier& propertyName) @@ -83,13 +83,13 @@ struct JSCallbackObjectData : WeakHandleOwner { PrivatePropertyMap::const_iterator location = m_propertyMap.find(propertyName.impl()); if (location == m_propertyMap.end()) return JSValue(); - return location->second.get(); + return location->value.get(); } - void setPrivateProperty(JSGlobalData& globalData, JSCell* owner, const Identifier& propertyName, JSValue value) + void setPrivateProperty(VM& vm, JSCell* owner, const Identifier& propertyName, JSValue value) { WriteBarrier empty; - m_propertyMap.add(propertyName.impl(), empty).iterator->second.set(globalData, owner, value); + m_propertyMap.add(propertyName.impl(), empty).iterator->value.set(vm, owner, value); } void deletePrivateProperty(const Identifier& propertyName) @@ -100,8 +100,8 @@ struct JSCallbackObjectData : WeakHandleOwner { void visitChildren(SlotVisitor& visitor) { for (PrivatePropertyMap::iterator ptr = m_propertyMap.begin(); ptr != m_propertyMap.end(); ++ptr) { - if (ptr->second) - visitor.append(&ptr->second); + if (ptr->value) + visitor.append(&ptr->value); } } @@ -118,10 +118,10 @@ template class JSCallbackObject : public Parent { protected: JSCallbackObject(ExecState*, Structure*, JSClassRef, void* data); - JSCallbackObject(JSGlobalData&, JSClassRef, Structure*); + JSCallbackObject(VM&, JSClassRef, Structure*); void finishCreation(ExecState*); - void finishCreation(JSGlobalData&); + void finishCreation(VM&); public: typedef Parent Base; @@ -133,31 +133,32 @@ class JSCallbackObject : public Parent { callbackObject->finishCreation(exec); return callbackObject; } - static JSCallbackObject* create(JSGlobalData& globalData, JSClassRef classRef, Structure* structure) + static JSCallbackObject* create(VM&, JSClassRef, Structure*); + + static const bool needsDestruction; + static void destroy(JSCell* cell) { - JSCallbackObject* callbackObject = new (NotNull, allocateCell(globalData.heap)) JSCallbackObject(globalData, classRef, structure); - callbackObject->finishCreation(globalData); - return callbackObject; + static_cast(cell)->JSCallbackObject::~JSCallbackObject(); } void setPrivate(void* data); void* getPrivate(); - static const ClassInfo s_info; + DECLARE_INFO; JSClassRef classRef() const { return m_callbackObjectData->jsClass; } bool inherits(JSClassRef) const; - static Structure* createStructure(JSGlobalData&, JSGlobalObject*, JSValue); + static Structure* createStructure(VM&, JSGlobalObject*, JSValue); JSValue getPrivateProperty(const Identifier& propertyName) const { return m_callbackObjectData->getPrivateProperty(propertyName); } - void setPrivateProperty(JSGlobalData& globalData, const Identifier& propertyName, JSValue value) + void setPrivateProperty(VM& vm, const Identifier& propertyName, JSValue value) { - m_callbackObjectData->setPrivateProperty(globalData, this, propertyName, value); + m_callbackObjectData->setPrivateProperty(vm, this, propertyName, value); } void deletePrivateProperty(const Identifier& propertyName) @@ -168,26 +169,25 @@ class JSCallbackObject : public Parent { using Parent::methodTable; protected: - static const unsigned StructureFlags = ProhibitsPropertyCaching | OverridesGetOwnPropertySlot | ImplementsHasInstance | OverridesHasInstance | OverridesVisitChildren | OverridesGetPropertyNames | Parent::StructureFlags; + static const unsigned StructureFlags = ProhibitsPropertyCaching | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | ImplementsHasInstance | OverridesHasInstance | OverridesVisitChildren | OverridesGetPropertyNames | Parent::StructureFlags; private: - static UString className(const JSObject*); - - static void destroy(JSCell*); + static String className(const JSObject*); static JSValue defaultValue(const JSObject*, ExecState*, PreferredPrimitiveType); - static bool getOwnPropertySlot(JSCell*, ExecState*, const Identifier&, PropertySlot&); - static bool getOwnPropertyDescriptor(JSObject*, ExecState*, const Identifier&, PropertyDescriptor&); + static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&); + static bool getOwnPropertySlotByIndex(JSObject*, ExecState*, unsigned propertyName, PropertySlot&); - static void put(JSCell*, ExecState*, const Identifier&, JSValue, PutPropertySlot&); + static void put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&); + static void putByIndex(JSCell*, ExecState*, unsigned, JSValue, bool shouldThrow); - static bool deleteProperty(JSCell*, ExecState*, const Identifier&); + static bool deleteProperty(JSCell*, ExecState*, PropertyName); static bool deletePropertyByIndex(JSCell*, ExecState*, unsigned); - static bool hasInstance(JSObject*, ExecState*, JSValue, JSValue proto); + static bool customHasInstance(JSObject*, ExecState*, JSValue); - static void getOwnPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode); + static void getOwnNonIndexPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode); static ConstructType getConstructData(JSCell*, ConstructData&); static CallType getCallData(JSCell*, CallData&); @@ -195,7 +195,7 @@ class JSCallbackObject : public Parent { static void visitChildren(JSCell* cell, SlotVisitor& visitor) { JSCallbackObject* thisObject = jsCast(cell); - ASSERT_GC_OBJECT_INHERITS((static_cast(thisObject)), &JSCallbackObject::s_info); + ASSERT_GC_OBJECT_INHERITS((static_cast(thisObject)), JSCallbackObject::info()); COMPILE_ASSERT(StructureFlags & OverridesVisitChildren, OverridesVisitChildrenWithoutSettingFlag); ASSERT(thisObject->Parent::structure()->typeInfo().overridesVisitChildren()); Parent::visitChildren(thisObject, visitor); @@ -209,9 +209,9 @@ class JSCallbackObject : public Parent { static EncodedJSValue JSC_HOST_CALL call(ExecState*); static EncodedJSValue JSC_HOST_CALL construct(ExecState*); - JSValue getStaticValue(ExecState*, const Identifier&); - static JSValue staticFunctionGetter(ExecState*, JSValue, const Identifier&); - static JSValue callbackGetter(ExecState*, JSValue, const Identifier&); + JSValue getStaticValue(ExecState*, PropertyName); + static JSValue staticFunctionGetter(ExecState*, JSValue, PropertyName); + static JSValue callbackGetter(ExecState*, JSValue, PropertyName); OwnPtr m_callbackObjectData; }; diff --git a/JavaScriptCore/API/JSCallbackObjectFunctions.h b/JavaScriptCore/API/JSCallbackObjectFunctions.h old mode 100644 new mode 100755 index b909dde7..d1a89fa0 --- a/JavaScriptCore/API/JSCallbackObjectFunctions.h +++ b/JavaScriptCore/API/JSCallbackObjectFunctions.h @@ -45,13 +45,13 @@ namespace JSC { template inline JSCallbackObject* JSCallbackObject::asCallbackObject(JSValue value) { - ASSERT(asObject(value)->inherits(&s_info)); + ASSERT(asObject(value)->inherits(info())); return jsCast(asObject(value)); } template JSCallbackObject::JSCallbackObject(ExecState* exec, Structure* structure, JSClassRef jsClass, void* data) - : Parent(exec->globalData(), structure) + : Parent(exec->vm(), structure) , m_callbackObjectData(adoptPtr(new JSCallbackObjectData(data, jsClass))) { } @@ -59,8 +59,8 @@ JSCallbackObject::JSCallbackObject(ExecState* exec, Structure* structure // Global object constructor. // FIXME: Move this into a separate JSGlobalCallbackObject class derived from this one. template -JSCallbackObject::JSCallbackObject(JSGlobalData& globalData, JSClassRef jsClass, Structure* structure) - : Parent(globalData, structure) +JSCallbackObject::JSCallbackObject(VM& vm, JSClassRef jsClass, Structure* structure) + : Parent(vm, structure) , m_callbackObjectData(adoptPtr(new JSCallbackObjectData(0, jsClass))) { } @@ -68,18 +68,18 @@ JSCallbackObject::JSCallbackObject(JSGlobalData& globalData, JSClassRef template void JSCallbackObject::finishCreation(ExecState* exec) { - Base::finishCreation(exec->globalData()); - ASSERT(Parent::inherits(&s_info)); + Base::finishCreation(exec->vm()); + ASSERT(Parent::inherits(info())); init(exec); } // This is just for Global object, so we can assume that Base::finishCreation is JSGlobalObject::finishCreation. template -void JSCallbackObject::finishCreation(JSGlobalData& globalData) +void JSCallbackObject::finishCreation(VM& vm) { - ASSERT(Parent::inherits(&s_info)); + ASSERT(Parent::inherits(info())); ASSERT(Parent::isGlobalObject()); - Base::finishCreation(globalData); + Base::finishCreation(vm); init(jsCast(this)->globalExec()); } @@ -111,10 +111,10 @@ void JSCallbackObject::init(ExecState* exec) } template -UString JSCallbackObject::className(const JSObject* object) +String JSCallbackObject::className(const JSObject* object) { const JSCallbackObject* thisObject = jsCast(object); - UString thisClassName = thisObject->classRef()->className(); + String thisClassName = thisObject->classRef()->className(); if (!thisClassName.isEmpty()) return thisClassName; @@ -122,64 +122,72 @@ UString JSCallbackObject::className(const JSObject* object) } template -bool JSCallbackObject::getOwnPropertySlot(JSCell* cell, ExecState* exec, const Identifier& propertyName, PropertySlot& slot) +bool JSCallbackObject::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot) { - JSCallbackObject* thisObject = jsCast(cell); + JSCallbackObject* thisObject = jsCast(object); JSContextRef ctx = toRef(exec); JSObjectRef thisRef = toRef(thisObject); RefPtr propertyNameRef; - for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { - // optional optimization to bypass getProperty in cases when we only need to know if the property exists - if (JSObjectHasPropertyCallback hasProperty = jsClass->hasProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - APICallbackShim callbackShim(exec); - if (hasProperty(ctx, thisRef, propertyNameRef.get())) { - slot.setCustom(thisObject, callbackGetter); - return true; - } - } else if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - JSValueRef exception = 0; - JSValueRef value; - { + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { + // optional optimization to bypass getProperty in cases when we only need to know if the property exists + if (JSObjectHasPropertyCallback hasProperty = jsClass->hasProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); APICallbackShim callbackShim(exec); - value = getProperty(ctx, thisRef, propertyNameRef.get(), &exception); - } - if (exception) { - throwError(exec, toJS(exec, exception)); - slot.setValue(jsUndefined()); - return true; - } - if (value) { - slot.setValue(toJS(exec, value)); - return true; - } - } - - if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { - if (staticValues->contains(propertyName.impl())) { - JSValue value = thisObject->getStaticValue(exec, propertyName); + if (hasProperty(ctx, thisRef, propertyNameRef.get())) { + slot.setCustom(thisObject, ReadOnly | DontEnum, callbackGetter); + return true; + } + } else if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); + JSValueRef exception = 0; + JSValueRef value; + { + APICallbackShim callbackShim(exec); + value = getProperty(ctx, thisRef, propertyNameRef.get(), &exception); + } + if (exception) { + exec->vm().throwException(exec, toJS(exec, exception)); + slot.setValue(thisObject, ReadOnly | DontEnum, jsUndefined()); + return true; + } if (value) { - slot.setValue(value); + slot.setValue(thisObject, ReadOnly | DontEnum, toJS(exec, value)); return true; } } - } - - if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { - if (staticFunctions->contains(propertyName.impl())) { - slot.setCustom(thisObject, staticFunctionGetter); - return true; + + if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { + if (staticValues->contains(name)) { + JSValue value = thisObject->getStaticValue(exec, propertyName); + if (value) { + slot.setValue(thisObject, ReadOnly | DontEnum, value); + return true; + } + } + } + + if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { + if (staticFunctions->contains(name)) { + slot.setCustom(thisObject, ReadOnly | DontEnum, staticFunctionGetter); + return true; + } } } } - + return Parent::getOwnPropertySlot(thisObject, exec, propertyName, slot); } +template +bool JSCallbackObject::getOwnPropertySlotByIndex(JSObject* object, ExecState* exec, unsigned propertyName, PropertySlot& slot) +{ + return object->methodTable()->getOwnPropertySlot(object, exec, Identifier::from(exec, propertyName), slot); +} + template JSValue JSCallbackObject::defaultValue(const JSObject* object, ExecState* exec, PreferredPrimitiveType hint) { @@ -193,7 +201,7 @@ JSValue JSCallbackObject::defaultValue(const JSObject* object, ExecState JSValueRef exception = 0; JSValueRef result = convertToType(ctx, thisRef, jsHint, &exception); if (exception) { - throwError(exec, toJS(exec, exception)); + exec->vm().throwException(exec, toJS(exec, exception)); return jsUndefined(); } if (result) @@ -205,38 +213,78 @@ JSValue JSCallbackObject::defaultValue(const JSObject* object, ExecState } template -bool JSCallbackObject::getOwnPropertyDescriptor(JSObject* object, ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor) +void JSCallbackObject::put(JSCell* cell, ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot) { - JSCallbackObject* thisObject = jsCast(object); - PropertySlot slot; - if (thisObject->methodTable()->getOwnPropertySlot(thisObject, exec, propertyName, slot)) { - // Ideally we should return an access descriptor, but returning a value descriptor is better than nothing. - JSValue value = slot.getValue(exec, propertyName); - if (!exec->hadException()) - descriptor.setValue(value); - // We don't know whether the property is configurable, but assume it is. - descriptor.setConfigurable(true); - // We don't know whether the property is enumerable (we could call getOwnPropertyNames() to find out), but assume it isn't. - descriptor.setEnumerable(false); - return true; + JSCallbackObject* thisObject = jsCast(cell); + JSContextRef ctx = toRef(exec); + JSObjectRef thisRef = toRef(thisObject); + RefPtr propertyNameRef; + JSValueRef valueRef = toRef(exec, value); + + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { + if (JSObjectSetPropertyCallback setProperty = jsClass->setProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); + JSValueRef exception = 0; + bool result; + { + APICallbackShim callbackShim(exec); + result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception); + } + if (exception) + exec->vm().throwException(exec, toJS(exec, exception)); + if (result || exception) + return; + } + + if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { + if (StaticValueEntry* entry = staticValues->get(name)) { + if (entry->attributes & kJSPropertyAttributeReadOnly) + return; + if (JSObjectSetPropertyCallback setProperty = entry->setProperty) { + JSValueRef exception = 0; + bool result; + { + APICallbackShim callbackShim(exec); + result = setProperty(ctx, thisRef, entry->propertyNameRef.get(), valueRef, &exception); + } + if (exception) + exec->vm().throwException(exec, toJS(exec, exception)); + if (result || exception) + return; + } + } + } + + if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { + if (StaticFunctionEntry* entry = staticFunctions->get(name)) { + if (entry->attributes & kJSPropertyAttributeReadOnly) + return; + thisObject->JSCallbackObject::putDirect(exec->vm(), propertyName, value); // put as override property + return; + } + } + } } - return Parent::getOwnPropertyDescriptor(thisObject, exec, propertyName, descriptor); + return Parent::put(thisObject, exec, propertyName, value, slot); } template -void JSCallbackObject::put(JSCell* cell, ExecState* exec, const Identifier& propertyName, JSValue value, PutPropertySlot& slot) +void JSCallbackObject::putByIndex(JSCell* cell, ExecState* exec, unsigned propertyIndex, JSValue value, bool shouldThrow) { JSCallbackObject* thisObject = jsCast(cell); JSContextRef ctx = toRef(exec); JSObjectRef thisRef = toRef(thisObject); RefPtr propertyNameRef; JSValueRef valueRef = toRef(exec, value); - + Identifier propertyName = Identifier(exec, String::number(propertyIndex)); + for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { if (JSObjectSetPropertyCallback setProperty = jsClass->setProperty) { if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); + propertyNameRef = OpaqueJSString::create(propertyName.impl()); JSValueRef exception = 0; bool result; { @@ -244,86 +292,85 @@ void JSCallbackObject::put(JSCell* cell, ExecState* exec, const Identifi result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception); } if (exception) - throwError(exec, toJS(exec, exception)); + exec->vm().throwException(exec, toJS(exec, exception)); if (result || exception) return; } - + if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { if (StaticValueEntry* entry = staticValues->get(propertyName.impl())) { if (entry->attributes & kJSPropertyAttributeReadOnly) return; if (JSObjectSetPropertyCallback setProperty = entry->setProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); JSValueRef exception = 0; bool result; { APICallbackShim callbackShim(exec); - result = setProperty(ctx, thisRef, propertyNameRef.get(), valueRef, &exception); + result = setProperty(ctx, thisRef, entry->propertyNameRef.get(), valueRef, &exception); } if (exception) - throwError(exec, toJS(exec, exception)); + exec->vm().throwException(exec, toJS(exec, exception)); if (result || exception) return; } } } - + if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.impl())) { if (entry->attributes & kJSPropertyAttributeReadOnly) return; - thisObject->JSCallbackObject::putDirect(exec->globalData(), propertyName, value); // put as override property - return; + break; } } } - - return Parent::put(thisObject, exec, propertyName, value, slot); + + return Parent::putByIndex(thisObject, exec, propertyIndex, value, shouldThrow); } template -bool JSCallbackObject::deleteProperty(JSCell* cell, ExecState* exec, const Identifier& propertyName) +bool JSCallbackObject::deleteProperty(JSCell* cell, ExecState* exec, PropertyName propertyName) { JSCallbackObject* thisObject = jsCast(cell); JSContextRef ctx = toRef(exec); JSObjectRef thisRef = toRef(thisObject); RefPtr propertyNameRef; - for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { - if (JSObjectDeletePropertyCallback deleteProperty = jsClass->deleteProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - JSValueRef exception = 0; - bool result; - { - APICallbackShim callbackShim(exec); - result = deleteProperty(ctx, thisRef, propertyNameRef.get(), &exception); + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = thisObject->classRef(); jsClass; jsClass = jsClass->parentClass) { + if (JSObjectDeletePropertyCallback deleteProperty = jsClass->deleteProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); + JSValueRef exception = 0; + bool result; + { + APICallbackShim callbackShim(exec); + result = deleteProperty(ctx, thisRef, propertyNameRef.get(), &exception); + } + if (exception) + exec->vm().throwException(exec, toJS(exec, exception)); + if (result || exception) + return true; } - if (exception) - throwError(exec, toJS(exec, exception)); - if (result || exception) - return true; - } - - if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { - if (StaticValueEntry* entry = staticValues->get(propertyName.impl())) { - if (entry->attributes & kJSPropertyAttributeDontDelete) - return false; - return true; + + if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { + if (StaticValueEntry* entry = staticValues->get(name)) { + if (entry->attributes & kJSPropertyAttributeDontDelete) + return false; + return true; + } } - } - - if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { - if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.impl())) { - if (entry->attributes & kJSPropertyAttributeDontDelete) - return false; - return true; + + if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { + if (StaticFunctionEntry* entry = staticFunctions->get(name)) { + if (entry->attributes & kJSPropertyAttributeDontDelete) + return false; + return true; + } } } } - + return Parent::deleteProperty(thisObject, exec, propertyName); } @@ -356,10 +403,11 @@ EncodedJSValue JSCallbackObject::construct(ExecState* exec) for (JSClassRef jsClass = jsCast*>(constructor)->classRef(); jsClass; jsClass = jsClass->parentClass) { if (JSObjectCallAsConstructorCallback callAsConstructor = jsClass->callAsConstructor) { - int argumentCount = static_cast(exec->argumentCount()); - Vector arguments(argumentCount); - for (int i = 0; i < argumentCount; i++) - arguments[i] = toRef(exec, exec->argument(i)); + size_t argumentCount = exec->argumentCount(); + Vector arguments; + arguments.reserveInitialCapacity(argumentCount); + for (size_t i = 0; i < argumentCount; ++i) + arguments.uncheckedAppend(toRef(exec, exec->argument(i))); JSValueRef exception = 0; JSObject* result; { @@ -367,17 +415,17 @@ EncodedJSValue JSCallbackObject::construct(ExecState* exec) result = toJS(callAsConstructor(execRef, constructorRef, argumentCount, arguments.data(), &exception)); } if (exception) - throwError(exec, toJS(exec, exception)); + exec->vm().throwException(exec, toJS(exec, exception)); return JSValue::encode(result); } } - ASSERT_NOT_REACHED(); // getConstructData should prevent us from reaching here + RELEASE_ASSERT_NOT_REACHED(); // getConstructData should prevent us from reaching here return JSValue::encode(JSValue()); } template -bool JSCallbackObject::hasInstance(JSObject* object, ExecState* exec, JSValue value, JSValue) +bool JSCallbackObject::customHasInstance(JSObject* object, ExecState* exec, JSValue value) { JSCallbackObject* thisObject = jsCast(object); JSContextRef execRef = toRef(exec); @@ -393,7 +441,7 @@ bool JSCallbackObject::hasInstance(JSObject* object, ExecState* exec, JS result = hasInstance(execRef, thisRef, valueRef, &exception); } if (exception) - throwError(exec, toJS(exec, exception)); + exec->vm().throwException(exec, toJS(exec, exception)); return result; } } @@ -418,14 +466,15 @@ EncodedJSValue JSCallbackObject::call(ExecState* exec) { JSContextRef execRef = toRef(exec); JSObjectRef functionRef = toRef(exec->callee()); - JSObjectRef thisObjRef = toRef(exec->hostThisValue().toThisObject(exec)); + JSObjectRef thisObjRef = toRef(jsCast(exec->hostThisValue().toThis(exec, NotStrictMode))); for (JSClassRef jsClass = jsCast*>(toJS(functionRef))->classRef(); jsClass; jsClass = jsClass->parentClass) { if (JSObjectCallAsFunctionCallback callAsFunction = jsClass->callAsFunction) { - int argumentCount = static_cast(exec->argumentCount()); - Vector arguments(argumentCount); - for (int i = 0; i < argumentCount; i++) - arguments[i] = toRef(exec, exec->argument(i)); + size_t argumentCount = exec->argumentCount(); + Vector arguments; + arguments.reserveInitialCapacity(argumentCount); + for (size_t i = 0; i < argumentCount; ++i) + arguments.uncheckedAppend(toRef(exec, exec->argument(i))); JSValueRef exception = 0; JSValue result; { @@ -433,17 +482,17 @@ EncodedJSValue JSCallbackObject::call(ExecState* exec) result = toJS(exec, callAsFunction(execRef, functionRef, thisObjRef, argumentCount, arguments.data(), &exception)); } if (exception) - throwError(exec, toJS(exec, exception)); + exec->vm().throwException(exec, toJS(exec, exception)); return JSValue::encode(result); } } - ASSERT_NOT_REACHED(); // getCallData should prevent us from reaching here + RELEASE_ASSERT_NOT_REACHED(); // getCallData should prevent us from reaching here return JSValue::encode(JSValue()); } template -void JSCallbackObject::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode) +void JSCallbackObject::getOwnNonIndexPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode) { JSCallbackObject* thisObject = jsCast(object); JSContextRef execRef = toRef(exec); @@ -459,8 +508,8 @@ void JSCallbackObject::getOwnPropertyNames(JSObject* object, ExecState* typedef OpaqueJSClassStaticValuesTable::const_iterator iterator; iterator end = staticValues->end(); for (iterator it = staticValues->begin(); it != end; ++it) { - StringImpl* name = it->first.get(); - StaticValueEntry* entry = it->second.get(); + StringImpl* name = it->key.get(); + StaticValueEntry* entry = it->value.get(); if (entry->getProperty && (!(entry->attributes & kJSPropertyAttributeDontEnum) || (mode == IncludeDontEnumProperties))) propertyNames.add(Identifier(exec, name)); } @@ -470,15 +519,15 @@ void JSCallbackObject::getOwnPropertyNames(JSObject* object, ExecState* typedef OpaqueJSClassStaticFunctionsTable::const_iterator iterator; iterator end = staticFunctions->end(); for (iterator it = staticFunctions->begin(); it != end; ++it) { - StringImpl* name = it->first.get(); - StaticFunctionEntry* entry = it->second.get(); + StringImpl* name = it->key.get(); + StaticFunctionEntry* entry = it->value.get(); if (!(entry->attributes & kJSPropertyAttributeDontEnum) || (mode == IncludeDontEnumProperties)) propertyNames.add(Identifier(exec, name)); } } } - Parent::getOwnPropertyNames(thisObject, exec, propertyNames, mode); + Parent::getOwnNonIndexPropertyNames(thisObject, exec, propertyNames, mode); } template @@ -496,44 +545,46 @@ void* JSCallbackObject::getPrivate() template bool JSCallbackObject::inherits(JSClassRef c) const { - for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) + for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) { if (jsClass == c) return true; - + } return false; } template -JSValue JSCallbackObject::getStaticValue(ExecState* exec, const Identifier& propertyName) +JSValue JSCallbackObject::getStaticValue(ExecState* exec, PropertyName propertyName) { JSObjectRef thisRef = toRef(this); - RefPtr propertyNameRef; - for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) - if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) - if (StaticValueEntry* entry = staticValues->get(propertyName.impl())) - if (JSObjectGetPropertyCallback getProperty = entry->getProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - JSValueRef exception = 0; - JSValueRef value; - { - APICallbackShim callbackShim(exec); - value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception); - } - if (exception) { - throwError(exec, toJS(exec, exception)); - return jsUndefined(); + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = classRef(); jsClass; jsClass = jsClass->parentClass) { + if (OpaqueJSClassStaticValuesTable* staticValues = jsClass->staticValues(exec)) { + if (StaticValueEntry* entry = staticValues->get(name)) { + if (JSObjectGetPropertyCallback getProperty = entry->getProperty) { + JSValueRef exception = 0; + JSValueRef value; + { + APICallbackShim callbackShim(exec); + value = getProperty(toRef(exec), thisRef, entry->propertyNameRef.get(), &exception); + } + if (exception) { + exec->vm().throwException(exec, toJS(exec, exception)); + return jsUndefined(); + } + if (value) + return toJS(exec, value); } - if (value) - return toJS(exec, value); } + } + } + } return JSValue(); } template -JSValue JSCallbackObject::staticFunctionGetter(ExecState* exec, JSValue slotParent, const Identifier& propertyName) +JSValue JSCallbackObject::staticFunctionGetter(ExecState* exec, JSValue slotParent, PropertyName propertyName) { JSCallbackObject* thisObj = asCallbackObject(slotParent); @@ -542,49 +593,54 @@ JSValue JSCallbackObject::staticFunctionGetter(ExecState* exec, JSValue if (Parent::getOwnPropertySlot(thisObj, exec, propertyName, slot2)) return slot2.getValue(exec, propertyName); - for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) { - if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { - if (StaticFunctionEntry* entry = staticFunctions->get(propertyName.impl())) { - if (JSObjectCallAsFunctionCallback callAsFunction = entry->callAsFunction) { - - JSObject* o = JSCallbackFunction::create(exec, thisObj->globalObject(), callAsFunction, propertyName); - thisObj->putDirect(exec->globalData(), propertyName, o, entry->attributes); - return o; + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) { + if (OpaqueJSClassStaticFunctionsTable* staticFunctions = jsClass->staticFunctions(exec)) { + if (StaticFunctionEntry* entry = staticFunctions->get(name)) { + if (JSObjectCallAsFunctionCallback callAsFunction = entry->callAsFunction) { + + JSObject* o = JSCallbackFunction::create(exec, thisObj->globalObject(), callAsFunction, name); + thisObj->putDirect(exec->vm(), propertyName, o, entry->attributes); + return o; + } } } } } - - return throwError(exec, createReferenceError(exec, "Static function property defined with NULL callAsFunction callback.")); + + return exec->vm().throwException(exec, createReferenceError(exec, ASCIILiteral("Static function property defined with NULL callAsFunction callback."))); } template -JSValue JSCallbackObject::callbackGetter(ExecState* exec, JSValue slotParent, const Identifier& propertyName) +JSValue JSCallbackObject::callbackGetter(ExecState* exec, JSValue slotParent, PropertyName propertyName) { JSCallbackObject* thisObj = asCallbackObject(slotParent); JSObjectRef thisRef = toRef(thisObj); RefPtr propertyNameRef; - for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) - if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) { - if (!propertyNameRef) - propertyNameRef = OpaqueJSString::create(propertyName.ustring()); - JSValueRef exception = 0; - JSValueRef value; - { - APICallbackShim callbackShim(exec); - value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception); - } - if (exception) { - throwError(exec, toJS(exec, exception)); - return jsUndefined(); + if (StringImpl* name = propertyName.publicName()) { + for (JSClassRef jsClass = thisObj->classRef(); jsClass; jsClass = jsClass->parentClass) { + if (JSObjectGetPropertyCallback getProperty = jsClass->getProperty) { + if (!propertyNameRef) + propertyNameRef = OpaqueJSString::create(name); + JSValueRef exception = 0; + JSValueRef value; + { + APICallbackShim callbackShim(exec); + value = getProperty(toRef(exec), thisRef, propertyNameRef.get(), &exception); + } + if (exception) { + exec->vm().throwException(exec, toJS(exec, exception)); + return jsUndefined(); + } + if (value) + return toJS(exec, value); } - if (value) - return toJS(exec, value); } - - return throwError(exec, createReferenceError(exec, "hasProperty callback returned true for a property that doesn't exist.")); + } + + return exec->vm().throwException(exec, createReferenceError(exec, ASCIILiteral("hasProperty callback returned true for a property that doesn't exist."))); } } // namespace JSC diff --git a/JavaScriptCore/API/JSClassRef.cpp b/JavaScriptCore/API/JSClassRef.cpp old mode 100644 new mode 100755 index 08fa5c5e..76d0c5a6 --- a/JavaScriptCore/API/JSClassRef.cpp +++ b/JavaScriptCore/API/JSClassRef.cpp @@ -27,12 +27,13 @@ #include "JSClassRef.h" #include "APICast.h" +#include "Identifier.h" +#include "InitializeThreading.h" #include "JSCallbackObject.h" +#include "JSGlobalObject.h" #include "JSObjectRef.h" -#include -#include -#include -#include +#include "ObjectPrototype.h" +#include "Operations.h" #include #include @@ -42,20 +43,6 @@ using namespace WTF::Unicode; const JSClassDefinition kJSClassDefinitionEmpty = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; -static inline UString tryCreateStringFromUTF8(const char* string) -{ - if (!string) - return UString(); - - size_t length = strlen(string); - Vector buffer(length); - UChar* p = buffer.data(); - if (conversionOK != convertUTF8ToUTF16(&string, string + length, &p, p + length)) - return UString(); - - return UString(buffer.data(), p - buffer.data()); -} - OpaqueJSClass::OpaqueJSClass(const JSClassDefinition* definition, OpaqueJSClass* protoClass) : parentClass(definition->parentClass) , prototypeClass(0) @@ -70,16 +57,16 @@ OpaqueJSClass::OpaqueJSClass(const JSClassDefinition* definition, OpaqueJSClass* , callAsConstructor(definition->callAsConstructor) , hasInstance(definition->hasInstance) , convertToType(definition->convertToType) - , m_className(tryCreateStringFromUTF8(definition->className)) + , m_className(String::fromUTF8(definition->className)) { initializeThreading(); if (const JSStaticValue* staticValue = definition->staticValues) { m_staticValues = adoptPtr(new OpaqueJSClassStaticValuesTable); while (staticValue->name) { - UString valueName = tryCreateStringFromUTF8(staticValue->name); + String valueName = String::fromUTF8(staticValue->name); if (!valueName.isNull()) - m_staticValues->set(valueName.impl(), adoptPtr(new StaticValueEntry(staticValue->getProperty, staticValue->setProperty, staticValue->attributes))); + m_staticValues->set(valueName.impl(), adoptPtr(new StaticValueEntry(staticValue->getProperty, staticValue->setProperty, staticValue->attributes, valueName))); ++staticValue; } } @@ -87,7 +74,7 @@ OpaqueJSClass::OpaqueJSClass(const JSClassDefinition* definition, OpaqueJSClass* if (const JSStaticFunction* staticFunction = definition->staticFunctions) { m_staticFunctions = adoptPtr(new OpaqueJSClassStaticFunctionsTable); while (staticFunction->name) { - UString functionName = tryCreateStringFromUTF8(staticFunction->name); + String functionName = String::fromUTF8(staticFunction->name); if (!functionName.isNull()) m_staticFunctions->set(functionName.impl(), adoptPtr(new StaticFunctionEntry(staticFunction->callAsFunction, staticFunction->attributes))); ++staticFunction; @@ -107,13 +94,13 @@ OpaqueJSClass::~OpaqueJSClass() if (m_staticValues) { OpaqueJSClassStaticValuesTable::const_iterator end = m_staticValues->end(); for (OpaqueJSClassStaticValuesTable::const_iterator it = m_staticValues->begin(); it != end; ++it) - ASSERT(!it->first->isIdentifier()); + ASSERT(!it->key->isIdentifier()); } if (m_staticFunctions) { OpaqueJSClassStaticFunctionsTable::const_iterator end = m_staticFunctions->end(); for (OpaqueJSClassStaticFunctionsTable::const_iterator it = m_staticFunctions->begin(); it != end; ++it) - ASSERT(!it->first->isIdentifier()); + ASSERT(!it->key->isIdentifier()); } #endif @@ -140,15 +127,16 @@ PassRefPtr OpaqueJSClass::create(const JSClassDefinition* clientD return adoptRef(new OpaqueJSClass(&definition, protoClass.get())); } -OpaqueJSClassContextData::OpaqueJSClassContextData(JSC::JSGlobalData&, OpaqueJSClass* jsClass) +OpaqueJSClassContextData::OpaqueJSClassContextData(JSC::VM&, OpaqueJSClass* jsClass) : m_class(jsClass) { if (jsClass->m_staticValues) { staticValues = adoptPtr(new OpaqueJSClassStaticValuesTable); OpaqueJSClassStaticValuesTable::const_iterator end = jsClass->m_staticValues->end(); for (OpaqueJSClassStaticValuesTable::const_iterator it = jsClass->m_staticValues->begin(); it != end; ++it) { - ASSERT(!it->first->isIdentifier()); - staticValues->add(StringImpl::create(it->first->characters(), it->first->length()), adoptPtr(new StaticValueEntry(it->second->getProperty, it->second->setProperty, it->second->attributes))); + ASSERT(!it->key->isIdentifier()); + String valueName = it->key->isolatedCopy(); + staticValues->add(valueName.impl(), adoptPtr(new StaticValueEntry(it->value->getProperty, it->value->setProperty, it->value->attributes, valueName))); } } @@ -156,24 +144,24 @@ OpaqueJSClassContextData::OpaqueJSClassContextData(JSC::JSGlobalData&, OpaqueJSC staticFunctions = adoptPtr(new OpaqueJSClassStaticFunctionsTable); OpaqueJSClassStaticFunctionsTable::const_iterator end = jsClass->m_staticFunctions->end(); for (OpaqueJSClassStaticFunctionsTable::const_iterator it = jsClass->m_staticFunctions->begin(); it != end; ++it) { - ASSERT(!it->first->isIdentifier()); - staticFunctions->add(StringImpl::create(it->first->characters(), it->first->length()), adoptPtr(new StaticFunctionEntry(it->second->callAsFunction, it->second->attributes))); + ASSERT(!it->key->isIdentifier()); + staticFunctions->add(it->key->isolatedCopy(), adoptPtr(new StaticFunctionEntry(it->value->callAsFunction, it->value->attributes))); } } } OpaqueJSClassContextData& OpaqueJSClass::contextData(ExecState* exec) { - OwnPtr& contextData = exec->globalData().opaqueJSClassData.add(this, nullptr).iterator->second; + OwnPtr& contextData = exec->lexicalGlobalObject()->opaqueJSClassData().add(this, nullptr).iterator->value; if (!contextData) - contextData = adoptPtr(new OpaqueJSClassContextData(exec->globalData(), this)); + contextData = adoptPtr(new OpaqueJSClassContextData(exec->vm(), this)); return *contextData; } -UString OpaqueJSClass::className() +String OpaqueJSClass::className() { // Make a deep copy, so that the caller has no chance to put the original into IdentifierTable. - return UString(m_className.characters(), m_className.length()); + return m_className.isolatedCopy(); } OpaqueJSClassStaticValuesTable* OpaqueJSClass::staticValues(JSC::ExecState* exec) @@ -209,13 +197,16 @@ JSObject* OpaqueJSClass::prototype(ExecState* exec) OpaqueJSClassContextData& jsClassData = contextData(exec); - if (!jsClassData.cachedPrototype) { - // Recursive, but should be good enough for our purposes - jsClassData.cachedPrototype = PassWeak(JSCallbackObject::create(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->callbackObjectStructure(), prototypeClass, &jsClassData), 0); // set jsClassData as the object's private data, so it can clear our reference on destruction - if (parentClass) { - if (JSObject* prototype = parentClass->prototype(exec)) - jsClassData.cachedPrototype->setPrototype(exec->globalData(), prototype); - } + if (JSObject* prototype = jsClassData.cachedPrototype.get()) + return prototype; + + // Recursive, but should be good enough for our purposes + JSObject* prototype = JSCallbackObject::create(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->callbackObjectStructure(), prototypeClass, &jsClassData); // set jsClassData as the object's private data, so it can clear our reference on destruction + if (parentClass) { + if (JSObject* parentPrototype = parentClass->prototype(exec)) + prototype->setPrototype(exec->vm(), parentPrototype); } - return jsClassData.cachedPrototype.get(); + + jsClassData.cachedPrototype = PassWeak(prototype); + return prototype; } diff --git a/JavaScriptCore/API/JSClassRef.h b/JavaScriptCore/API/JSClassRef.h old mode 100644 new mode 100755 index 82c7ab3f..d1cddfef --- a/JavaScriptCore/API/JSClassRef.h +++ b/JavaScriptCore/API/JSClassRef.h @@ -26,25 +26,25 @@ #ifndef JSClassRef_h #define JSClassRef_h -#include "JSObjectRef.h" - -#include "Weak.h" -#include "JSObject.h" +#include "OpaqueJSString.h" #include "Protect.h" -#include "UString.h" +#include "Weak.h" +#include #include +#include struct StaticValueEntry { WTF_MAKE_FAST_ALLOCATED; public: - StaticValueEntry(JSObjectGetPropertyCallback _getProperty, JSObjectSetPropertyCallback _setProperty, JSPropertyAttributes _attributes) - : getProperty(_getProperty), setProperty(_setProperty), attributes(_attributes) + StaticValueEntry(JSObjectGetPropertyCallback _getProperty, JSObjectSetPropertyCallback _setProperty, JSPropertyAttributes _attributes, String& propertyName) + : getProperty(_getProperty), setProperty(_setProperty), attributes(_attributes), propertyNameRef(OpaqueJSString::create(propertyName)) { } JSObjectGetPropertyCallback getProperty; JSObjectSetPropertyCallback setProperty; JSPropertyAttributes attributes; + RefPtr propertyNameRef; }; struct StaticFunctionEntry { @@ -69,14 +69,14 @@ struct OpaqueJSClass; struct OpaqueJSClassContextData { WTF_MAKE_NONCOPYABLE(OpaqueJSClassContextData); WTF_MAKE_FAST_ALLOCATED; public: - OpaqueJSClassContextData(JSC::JSGlobalData&, OpaqueJSClass*); + OpaqueJSClassContextData(JSC::VM&, OpaqueJSClass*); // It is necessary to keep OpaqueJSClass alive because of the following rare scenario: - // 1. A class is created and used, so its context data is stored in JSGlobalData hash map. + // 1. A class is created and used, so its context data is stored in VM hash map. // 2. The class is released, and when all JS objects that use it are collected, OpaqueJSClass // is deleted (that's the part prevented by this RefPtr). // 3. Another class is created at the same address. - // 4. When it is used, the old context data is found in JSGlobalData and used. + // 4. When it is used, the old context data is found in VM and used. RefPtr m_class; OwnPtr staticValues; @@ -87,9 +87,9 @@ struct OpaqueJSClassContextData { struct OpaqueJSClass : public ThreadSafeRefCounted { static PassRefPtr create(const JSClassDefinition*); static PassRefPtr createNoAutomaticPrototype(const JSClassDefinition*); - ~OpaqueJSClass(); + JS_EXPORT_PRIVATE ~OpaqueJSClass(); - JSC::UString className(); + String className(); OpaqueJSClassStaticValuesTable* staticValues(JSC::ExecState*); OpaqueJSClassStaticFunctionsTable* staticFunctions(JSC::ExecState*); JSC::JSObject* prototype(JSC::ExecState*); @@ -118,8 +118,8 @@ struct OpaqueJSClass : public ThreadSafeRefCounted { OpaqueJSClassContextData& contextData(JSC::ExecState*); - // UStrings in these data members should not be put into any IdentifierTable. - JSC::UString m_className; + // Strings in these data members should not be put into any IdentifierTable. + String m_className; OwnPtr m_staticValues; OwnPtr m_staticFunctions; }; diff --git a/JavaScriptCore/API/JSContext.h b/JavaScriptCore/API/JSContext.h new file mode 100755 index 00000000..0a712f3c --- /dev/null +++ b/JavaScriptCore/API/JSContext.h @@ -0,0 +1,129 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSContext_h +#define JSContext_h + +#include + +#if JSC_OBJC_API_ENABLED + +@class JSVirtualMachine, JSValue; + +// An instance of JSContext represents a JavaScript execution environment. All +// JavaScript execution takes place within a context. +// JSContext is also used to manage the life-cycle of objects within the +// JavaScript virtual machine. Every instance of JSValue is associated with a +// JSContext via a strong reference. The JSValue will keep the JSContext it +// references alive so long as the JSValue remains alive. When all of the JSValues +// that reference a particular JSContext have been deallocated the JSContext +// will be deallocated unless it has been previously retained. + +//NS_CLASS_AVAILABLE(10_9, NA) +@interface JSContext : NSObject + +// Create a JSContext. +- (id)init; +// Create a JSContext in the specified virtual machine. +- (id)initWithVirtualMachine:(JSVirtualMachine *)virtualMachine; + +// Evaluate a string of JavaScript code. +- (JSValue *)evaluateScript:(NSString *)script; + +// This method retrieves the global object of the JavaScript execution context. +// Instances of JSContext originating from WebKit will return a reference to the +// WindowProxy object. +- (JSValue *)globalObject; + +// This method may be called from within an Objective-C block or method invoked +// as a callback from JavaScript to retrieve the callback's context. Outside of +// a callback from JavaScript this method will return nil. ++ (JSContext *)currentContext; +// This method may be called from within an Objective-C block or method invoked +// as a callback from JavaScript to retrieve the callback's this value. Outside +// of a callback from JavaScript this method will return nil. ++ (JSValue *)currentThis; +// This method may be called from within an Objective-C block or method invoked +// as a callback from JavaScript to retrieve the callback's arguments, objects +// in the returned array are instances of JSValue. Outside of a callback from +// JavaScript this method will return nil. ++ (NSArray *)currentArguments; + +// The "exception" property may be used to throw an exception to JavaScript. +// Before a callback is made from JavaScript to an Objective-C block or method, +// the prior value of the exception property will be preserved and the property +// will be set to nil. After the callback has completed the new value of the +// exception property will be read, and prior value restored. If the new value +// of exception is not nil, the callback will result in that value being thrown. +// This property may also be used to check for uncaught exceptions arising from +// API function calls (since the default behaviour of "exceptionHandler" is to +// assign an uncaught exception to this property). +// If a JSValue originating from a different JSVirtualMachine than this context +// is assigned to this property, an Objective-C exception will be raised. +@property(retain) JSValue *exception; + +// If a call to an API function results in an uncaught JavaScript exception, the +// "exceptionHandler" block will be invoked. The default implementation for the +// exception handler will store the exception to the exception property on +// context. As a consequence the default behaviour is for unhandled exceptions +// occurring within a callback from JavaScript to be rethrown upon return. +// Setting this value to nil will result in all uncaught exceptions thrown from +// the API being silently consumed. +@property(copy) void(^exceptionHandler)(JSContext *context, JSValue *exception); + +// All instances of JSContext are associated with a single JSVirtualMachine. The +// virtual machine provides an "object space" or set of execution resources. +@property(readonly, retain) JSVirtualMachine *virtualMachine; + +@end + +// Instances of JSContext implement the following methods in order to enable +// support for subscript access by key and index, for example: +// +// JSContext *context; +// JSValue *v = context[@"X"]; // Get value for "X" from the global object. +// context[@"Y"] = v; // Assign 'v' to "Y" on the global object. +// +// An object key passed as a subscript will be converted to a JavaScript value, +// and then the value converted to a string used to resolve a property of the +// global object. +@interface JSContext(SubscriptSupport) + +- (JSValue *)objectForKeyedSubscript:(id)key; +- (void)setObject:(id)object forKeyedSubscript:(NSObject *)key; + +@end + +// These functions are for bridging between the C API and the Objective-C API. +@interface JSContext(JSContextRefSupport) +// Creates a JSContext, wrapping its C API counterpart. ++ (JSContext *)contextWithJSGlobalContextRef:(JSGlobalContextRef)jsGlobalContextRef; +// Returns the C API counterpart wrapped by a JSContext. +- (JSGlobalContextRef)JSGlobalContextRef; +@end + +#endif + +#endif // JSContext_h diff --git a/JavaScriptCore/API/JSContext.mm b/JavaScriptCore/API/JSContext.mm new file mode 100755 index 00000000..58754b38 --- /dev/null +++ b/JavaScriptCore/API/JSContext.mm @@ -0,0 +1,289 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#import "APICast.h" +#import "APIShims.h" +#import "JSContextInternal.h" +#import "JSGlobalObject.h" +#import "JSValueInternal.h" +#import "JSVirtualMachineInternal.h" +#import "JSWrapperMap.h" +#import "JavaScriptCore.h" +#import "ObjcRuntimeExtras.h" +#import "Operations.h" +#import "StrongInlines.h" +#import + +#if JSC_OBJC_API_ENABLED + +@implementation JSContext { + JSVirtualMachine *m_virtualMachine; + JSGlobalContextRef m_context; + JSWrapperMap *m_wrapperMap; + JSC::Strong m_exception; +} + +@synthesize exceptionHandler; + +- (JSGlobalContextRef)JSGlobalContextRef +{ + return m_context; +} + +- (id)init +{ + return [self initWithVirtualMachine:[[[JSVirtualMachine alloc] init] autorelease]]; +} + +- (id)initWithVirtualMachine:(JSVirtualMachine *)virtualMachine +{ + self = [super init]; + if (!self) + return nil; + + m_virtualMachine = [virtualMachine retain]; + m_context = JSGlobalContextCreateInGroup(getGroupFromVirtualMachine(virtualMachine), 0); + m_wrapperMap = [[JSWrapperMap alloc] initWithContext:self]; + + self.exceptionHandler = ^(JSContext *context, JSValue *exceptionValue) { + context.exception = exceptionValue; + }; + + [m_virtualMachine addContext:self forGlobalContextRef:m_context]; + + return self; +} + +- (void)dealloc +{ + [m_wrapperMap release]; + JSGlobalContextRelease(m_context); + [m_virtualMachine release]; + [self.exceptionHandler release]; + [super dealloc]; +} + +- (JSValue *)evaluateScript:(NSString *)script +{ + JSValueRef exceptionValue = 0; + JSStringRef scriptJS = JSStringCreateWithCFString((CFStringRef)script); + JSValueRef result = JSEvaluateScript(m_context, scriptJS, 0, 0, 0, &exceptionValue); + JSStringRelease(scriptJS); + + if (exceptionValue) + return [self valueFromNotifyException:exceptionValue]; + + return [JSValue valueWithJSValueRef:result inContext:self]; +} + +- (void)setException:(JSValue *)value +{ + if (value) + m_exception.set(toJS(m_context)->vm(), toJS(JSValueToObject(m_context, valueInternalValue(value), 0))); + else + m_exception.clear(); +} + +- (JSValue *)exception +{ + if (!m_exception) + return nil; + return [JSValue valueWithJSValueRef:toRef(m_exception.get()) inContext:self]; +} + +- (JSWrapperMap *)wrapperMap +{ + return m_wrapperMap; +} + +- (JSValue *)globalObject +{ + return [JSValue valueWithJSValueRef:JSContextGetGlobalObject(m_context) inContext:self]; +} + ++ (JSContext *)currentContext +{ + WTFThreadData& threadData = wtfThreadData(); + CallbackData *entry = (CallbackData *)threadData.m_apiData; + return entry ? entry->context : nil; +} + ++ (JSValue *)currentThis +{ + WTFThreadData& threadData = wtfThreadData(); + CallbackData *entry = (CallbackData *)threadData.m_apiData; + + if (!entry->currentThis) + entry->currentThis = [[JSValue alloc] initWithValue:entry->thisValue inContext:[JSContext currentContext]]; + + return entry->currentThis; +} + ++ (NSArray *)currentArguments +{ + WTFThreadData& threadData = wtfThreadData(); + CallbackData *entry = (CallbackData *)threadData.m_apiData; + + if (!entry->currentArguments) { + JSContext *context = [JSContext currentContext]; + size_t count = entry->argumentCount; + JSValue * argumentArray[count]; + for (size_t i =0; i < count; ++i) + argumentArray[i] = [JSValue valueWithJSValueRef:entry->arguments[i] inContext:context]; + entry->currentArguments = [[NSArray alloc] initWithObjects:argumentArray count:count]; + } + + return entry->currentArguments; +} + +- (JSVirtualMachine *)virtualMachine +{ + return m_virtualMachine; +} + +@end + +@implementation JSContext(SubscriptSupport) + +- (JSValue *)objectForKeyedSubscript:(id)key +{ + return [self globalObject][key]; +} + +- (void)setObject:(id)object forKeyedSubscript:(NSObject *)key +{ + [self globalObject][key] = object; +} + +@end + +@implementation JSContext(Internal) + +- (id)initWithGlobalContextRef:(JSGlobalContextRef)context +{ + self = [super init]; + if (!self) + return nil; + + JSC::JSGlobalObject* globalObject = toJS(context)->lexicalGlobalObject(); + m_virtualMachine = [[JSVirtualMachine virtualMachineWithContextGroupRef:toRef(&globalObject->vm())] retain]; + ASSERT(m_virtualMachine); + m_context = JSGlobalContextRetain(context); + m_wrapperMap = [[JSWrapperMap alloc] initWithContext:self]; + + self.exceptionHandler = ^(JSContext *context, JSValue *exceptionValue) { + context.exception = exceptionValue; + }; + + [m_virtualMachine addContext:self forGlobalContextRef:m_context]; + + return self; +} + +- (void)notifyException:(JSValueRef)exceptionValue +{ + self.exceptionHandler(self, [JSValue valueWithJSValueRef:exceptionValue inContext:self]); +} + +- (JSValue *)valueFromNotifyException:(JSValueRef)exceptionValue +{ + [self notifyException:exceptionValue]; + return [JSValue valueWithUndefinedInContext:self]; +} + +- (BOOL)boolFromNotifyException:(JSValueRef)exceptionValue +{ + [self notifyException:exceptionValue]; + return NO; +} + +- (void)beginCallbackWithData:(CallbackData *)callbackData thisValue:(JSValueRef)thisValue argumentCount:(size_t)argumentCount arguments:(const JSValueRef *)arguments +{ + WTFThreadData& threadData = wtfThreadData(); + [self retain]; + CallbackData *prevStack = (CallbackData *)threadData.m_apiData; + *callbackData = (CallbackData){ prevStack, self, [self.exception retain], thisValue, nil, argumentCount, arguments, nil }; + threadData.m_apiData = callbackData; + self.exception = nil; +} + +- (void)endCallbackWithData:(CallbackData *)callbackData +{ + WTFThreadData& threadData = wtfThreadData(); + self.exception = callbackData->preservedException; + [callbackData->preservedException release]; + [callbackData->currentThis release]; + [callbackData->currentArguments release]; + threadData.m_apiData = callbackData->next; + [self release]; +} + +- (JSValue *)wrapperForObjCObject:(id)object +{ + // Lock access to m_wrapperMap + JSC::JSLockHolder lock(toJS(m_context)); + return [m_wrapperMap jsWrapperForObject:object]; +} + +- (JSValue *)wrapperForJSObject:(JSValueRef)value +{ + JSC::JSLockHolder lock(toJS(m_context)); + return [m_wrapperMap objcWrapperForJSValueRef:value]; +} + ++ (JSContext *)contextWithJSGlobalContextRef:(JSGlobalContextRef)globalContext +{ + JSVirtualMachine *virtualMachine = [JSVirtualMachine virtualMachineWithContextGroupRef:toRef(&toJS(globalContext)->vm())]; + JSContext *context = [virtualMachine contextForGlobalContextRef:globalContext]; + if (!context) + context = [[[JSContext alloc] initWithGlobalContextRef:globalContext] autorelease]; + return context; +} + +@end + +WeakContextRef::WeakContextRef(JSContext *context) +{ + objc_initWeak(&m_weakContext, context); +} + +WeakContextRef::~WeakContextRef() +{ + objc_destroyWeak(&m_weakContext); +} + +JSContext * WeakContextRef::get() +{ + return objc_loadWeak(&m_weakContext); +} + +void WeakContextRef::set(JSContext *context) +{ + objc_storeWeak(&m_weakContext, context); +} + +#endif diff --git a/JavaScriptCore/API/JSContextInternal.h b/JavaScriptCore/API/JSContextInternal.h new file mode 100755 index 00000000..f73067f3 --- /dev/null +++ b/JavaScriptCore/API/JSContextInternal.h @@ -0,0 +1,80 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSContextInternal_h +#define JSContextInternal_h + +#import + +#if JSC_OBJC_API_ENABLED + +#import "JSContext.h" + +struct CallbackData { + CallbackData *next; + JSContext *context; + JSValue *preservedException; + JSValueRef thisValue; + JSValue *currentThis; + size_t argumentCount; + const JSValueRef *arguments; + NSArray *currentArguments; +}; + +class WeakContextRef { +public: + WeakContextRef(JSContext * = nil); + ~WeakContextRef(); + + JSContext * get(); + void set(JSContext *); + +private: + JSContext *m_weakContext; +}; + +@class JSWrapperMap; + +@interface JSContext(Internal) + +- (id)initWithGlobalContextRef:(JSGlobalContextRef)context; + +- (void)notifyException:(JSValueRef)exception; +- (JSValue *)valueFromNotifyException:(JSValueRef)exception; +- (BOOL)boolFromNotifyException:(JSValueRef)exception; + +- (void)beginCallbackWithData:(CallbackData *)callbackData thisValue:(JSValueRef)thisValue argumentCount:(size_t)argumentCount arguments:(const JSValueRef *)arguments; +- (void)endCallbackWithData:(CallbackData *)callbackData; + +- (JSValue *)wrapperForObjCObject:(id)object; +- (JSValue *)wrapperForJSObject:(JSValueRef)value; + +@property (readonly, retain) JSWrapperMap *wrapperMap; + +@end + +#endif + +#endif // JSContextInternal_h diff --git a/JavaScriptCore/API/JSContextRef.cpp b/JavaScriptCore/API/JSContextRef.cpp old mode 100644 new mode 100755 index 7a57287d..1c1f134a --- a/JavaScriptCore/API/JSContextRef.cpp +++ b/JavaScriptCore/API/JSContextRef.cpp @@ -28,14 +28,17 @@ #include "JSContextRefPrivate.h" #include "APICast.h" +#include "CallFrameInlines.h" #include "InitializeThreading.h" #include -#include #include "JSCallbackObject.h" #include "JSClassRef.h" #include "JSGlobalObject.h" #include "JSObject.h" -#include "UStringBuilder.h" +#include "Operations.h" +#include "SourceProvider.h" +#include "StackIterator.h" +#include #include #if OS(DARWIN) @@ -54,7 +57,7 @@ using namespace JSC; JSContextGroupRef JSContextGroupCreate() { initializeThreading(); - return toRef(JSGlobalData::createContextGroup(ThreadStackTypeSmall).leakRef()); + return toRef(VM::createContextGroup().leakRef()); } JSContextGroupRef JSContextGroupRetain(JSContextGroupRef group) @@ -65,7 +68,44 @@ JSContextGroupRef JSContextGroupRetain(JSContextGroupRef group) void JSContextGroupRelease(JSContextGroupRef group) { - toJS(group)->deref(); + IdentifierTable* savedIdentifierTable; + VM& vm = *toJS(group); + + { + JSLockHolder lock(vm); + savedIdentifierTable = wtfThreadData().setCurrentIdentifierTable(vm.identifierTable); + vm.deref(); + } + + wtfThreadData().setCurrentIdentifierTable(savedIdentifierTable); +} + +static bool internalScriptTimeoutCallback(ExecState* exec, void* callbackPtr, void* callbackData) +{ + JSShouldTerminateCallback callback = reinterpret_cast(callbackPtr); + JSContextRef contextRef = toRef(exec); + ASSERT(callback); + return callback(contextRef, callbackData); +} + +void JSContextGroupSetExecutionTimeLimit(JSContextGroupRef group, double limit, JSShouldTerminateCallback callback, void* callbackData) +{ + VM& vm = *toJS(group); + APIEntryShim entryShim(&vm); + Watchdog& watchdog = vm.watchdog; + if (callback) { + void* callbackPtr = reinterpret_cast(callback); + watchdog.setTimeLimit(vm, limit, internalScriptTimeoutCallback, callbackPtr, callbackData); + } else + watchdog.setTimeLimit(vm, limit); +} + +void JSContextGroupClearExecutionTimeLimit(JSContextGroupRef group) +{ + VM& vm = *toJS(group); + APIEntryShim entryShim(&vm); + Watchdog& watchdog = vm.watchdog; + watchdog.setTimeLimit(vm, std::numeric_limits::infinity()); } // From the API's perspective, a global context remains alive iff it has been JSGlobalContextRetained. @@ -75,10 +115,10 @@ JSGlobalContextRef JSGlobalContextCreate(JSClassRef globalObjectClass) initializeThreading(); #if OS(DARWIN) - // If the application was linked before JSGlobalContextCreate was changed to use a unique JSGlobalData, + // If the application was linked before JSGlobalContextCreate was changed to use a unique VM, // we use a shared one for backwards compatibility. if (NSVersionOfLinkTimeLibrary("JavaScriptCore") <= webkitFirstVersionWithConcurrentGlobalContexts) { - return JSGlobalContextCreateInGroup(toRef(&JSGlobalData::sharedInstance()), globalObjectClass); + return JSGlobalContextCreateInGroup(toRef(&VM::sharedInstance()), globalObjectClass); } #endif // OS(DARWIN) @@ -89,22 +129,23 @@ JSGlobalContextRef JSGlobalContextCreateInGroup(JSContextGroupRef group, JSClass { initializeThreading(); - RefPtr globalData = group ? PassRefPtr(toJS(group)) : JSGlobalData::createContextGroup(ThreadStackTypeSmall); + RefPtr vm = group ? PassRefPtr(toJS(group)) : VM::createContextGroup(); - APIEntryShim entryShim(globalData.get(), false); - globalData->makeUsableFromMultipleThreads(); + APIEntryShim entryShim(vm.get(), false); + vm->makeUsableFromMultipleThreads(); if (!globalObjectClass) { - JSGlobalObject* globalObject = JSGlobalObject::create(*globalData, JSGlobalObject::createStructure(*globalData, jsNull())); + JSGlobalObject* globalObject = JSGlobalObject::create(*vm, JSGlobalObject::createStructure(*vm, jsNull())); + globalObject->setGlobalThis(*vm, JSProxy::create(*vm, JSProxy::createStructure(*vm, globalObject, globalObject->prototype()), globalObject)); return JSGlobalContextRetain(toGlobalRef(globalObject->globalExec())); } - JSGlobalObject* globalObject = JSCallbackObject::create(*globalData, globalObjectClass, JSCallbackObject::createStructure(*globalData, 0, jsNull())); + JSGlobalObject* globalObject = JSCallbackObject::create(*vm, globalObjectClass, JSCallbackObject::createStructure(*vm, 0, jsNull())); ExecState* exec = globalObject->globalExec(); JSValue prototype = globalObjectClass->prototype(exec); if (!prototype) prototype = jsNull(); - globalObject->resetPrototype(*globalData, prototype); + globalObject->resetPrototype(*vm, prototype); return JSGlobalContextRetain(toGlobalRef(exec)); } @@ -113,9 +154,9 @@ JSGlobalContextRef JSGlobalContextRetain(JSGlobalContextRef ctx) ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - JSGlobalData& globalData = exec->globalData(); + VM& vm = exec->vm(); gcProtect(exec->dynamicGlobalObject()); - globalData.ref(); + vm.ref(); return ctx; } @@ -126,13 +167,13 @@ void JSGlobalContextRelease(JSGlobalContextRef ctx) { JSLockHolder lock(exec); - JSGlobalData& globalData = exec->globalData(); - savedIdentifierTable = wtfThreadData().setCurrentIdentifierTable(globalData.identifierTable); + VM& vm = exec->vm(); + savedIdentifierTable = wtfThreadData().setCurrentIdentifierTable(vm.identifierTable); bool protectCountIsZero = Heap::heap(exec->dynamicGlobalObject())->unprotect(exec->dynamicGlobalObject()); if (protectCountIsZero) - globalData.heap.reportAbandonedObjectGraph(); - globalData.deref(); + vm.heap.reportAbandonedObjectGraph(); + vm.deref(); } wtfThreadData().setCurrentIdentifierTable(savedIdentifierTable); @@ -140,21 +181,32 @@ void JSGlobalContextRelease(JSGlobalContextRef ctx) JSObjectRef JSContextGetGlobalObject(JSContextRef ctx) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - // It is necessary to call toThisObject to get the wrapper object when used with WebCore. - return toRef(exec->lexicalGlobalObject()->methodTable()->toThisObject(exec->lexicalGlobalObject(), exec)); + return toRef(jsCast(exec->lexicalGlobalObject()->methodTable()->toThis(exec->lexicalGlobalObject(), exec, NotStrictMode))); } JSContextGroupRef JSContextGetGroup(JSContextRef ctx) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); - return toRef(&exec->globalData()); + return toRef(&exec->vm()); } JSGlobalContextRef JSContextGetGlobalContext(JSContextRef ctx) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -163,57 +215,44 @@ JSGlobalContextRef JSContextGetGlobalContext(JSContextRef ctx) JSStringRef JSContextCreateBacktrace(JSContextRef ctx, unsigned maxStackSize) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); JSLockHolder lock(exec); + StringBuilder builder; + CallFrame* frame = exec->vm().topCallFrame; + size_t i = 0; + ASSERT(maxStackSize); + for (StackIterator iter = frame->begin(); iter != frame->end() && maxStackSize--; ++iter, ++i) { + JSObject* callee = iter->callee(); + // If callee is unknown, but we've not added any frame yet, we should + // still add the frame, because something called us, and gave us arguments. + if (!callee && i) + break; - unsigned count = 0; - UStringBuilder builder; - CallFrame* callFrame = exec; - UString functionName; - if (exec->callee()) { - if (asObject(exec->callee())->inherits(&InternalFunction::s_info)) { - functionName = asInternalFunction(exec->callee())->name(exec); - builder.append("#0 "); - builder.append(functionName); - builder.append("() "); - count++; - } - } - while (true) { - ASSERT(callFrame); - int signedLineNumber; - intptr_t sourceID; - UString urlString; - JSValue function; - - UString levelStr = UString::number(count); - - exec->interpreter()->retrieveLastCaller(callFrame, signedLineNumber, sourceID, urlString, function); - - if (function) - functionName = jsCast(function)->name(exec); - else { - // Caller is unknown, but if frame is empty we should still add the frame, because - // something called us, and gave us arguments. - if (count) - break; - } - unsigned lineNumber = signedLineNumber >= 0 ? signedLineNumber : 0; if (!builder.isEmpty()) - builder.append("\n"); - builder.append("#"); - builder.append(levelStr); - builder.append(" "); - builder.append(functionName); - builder.append("() at "); - builder.append(urlString); - builder.append(":"); - builder.append(UString::number(lineNumber)); - if (!function || ++count == maxStackSize) + builder.append('\n'); + builder.append('#'); + builder.appendNumber(i); + builder.append(' '); + builder.append(iter->functionName()); + builder.appendLiteral("() at "); + builder.append(iter->sourceURL()); + if (iter->isJSFrame()) { + builder.append(':'); + unsigned lineNumber; + unsigned unusedColumn; + iter->computeLineAndColumn(lineNumber, unusedColumn); + builder.appendNumber(lineNumber); + } + + if (!callee) break; - callFrame = callFrame->callerFrame(); } - return OpaqueJSString::create(builder.toUString()).leakRef(); + + return OpaqueJSString::create(builder.toString()).leakRef(); } diff --git a/JavaScriptCore/API/JSContextRef.h b/JavaScriptCore/API/JSContextRef.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSContextRefPrivate.h b/JavaScriptCore/API/JSContextRefPrivate.h old mode 100644 new mode 100755 index 4f77aead..8d7684ac --- a/JavaScriptCore/API/JSContextRefPrivate.h +++ b/JavaScriptCore/API/JSContextRefPrivate.h @@ -55,6 +55,54 @@ JS_EXPORT JSGlobalContextRef JSContextGetGlobalContext(JSContextRef ctx); */ JS_EXPORT JSStringRef JSContextCreateBacktrace(JSContextRef ctx, unsigned maxStackSize) AVAILABLE_IN_WEBKIT_VERSION_4_0; + +/*! +@typedef JSShouldTerminateCallback +@abstract The callback invoked when script execution has exceeded the allowed + time limit previously specified via JSContextGroupSetExecutionTimeLimit. +@param ctx The execution context to use. +@param context User specified context data previously passed to + JSContextGroupSetExecutionTimeLimit. +@discussion If you named your function Callback, you would declare it like this: + + bool Callback(JSContextRef ctx, void* context); + + If you return true, the timed out script will terminate. + If you return false, the script will run for another period of the allowed + time limit specified via JSContextGroupSetExecutionTimeLimit. + + Within this callback function, you may call JSContextGroupSetExecutionTimeLimit + to set a new time limit, or JSContextGroupClearExecutionTimeLimit to cancel the + timeout. +*/ +typedef bool +(*JSShouldTerminateCallback) (JSContextRef ctx, void* context); + +/*! +@function +@abstract Sets the script execution time limit. +@param group The JavaScript context group that this time limit applies to. +@param limit The time limit of allowed script execution time in seconds. +@param callback The callback function that will be invoked when the time limit + has been reached. This will give you a chance to decide if you want to + terminate the script or not. If you pass a NULL callback, the script will be + terminated unconditionally when the time limit has been reached. +@param context User data that you can provide to be passed back to you + in your callback. + + In order to guarantee that the execution time limit will take effect, you will + need to call JSContextGroupSetExecutionTimeLimit before you start executing + any scripts. +*/ +JS_EXPORT void JSContextGroupSetExecutionTimeLimit(JSContextGroupRef, double limit, JSShouldTerminateCallback, void* context) AVAILABLE_IN_WEBKIT_VERSION_4_0; + +/*! +@function +@abstract Clears the script execution time limit. +@param group The JavaScript context group that the time limit is cleared on. +*/ +JS_EXPORT void JSContextGroupClearExecutionTimeLimit(JSContextGroupRef) AVAILABLE_IN_WEBKIT_VERSION_4_0; + #ifdef __cplusplus } #endif diff --git a/JavaScriptCore/API/JSExport.h b/JavaScriptCore/API/JSExport.h new file mode 100755 index 00000000..96e9fec3 --- /dev/null +++ b/JavaScriptCore/API/JSExport.h @@ -0,0 +1,130 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#import + +#if JSC_OBJC_API_ENABLED + +// When a JavaScript value is created from an instance of an Objective-C class +// for which no copying conversion is specified a JavaScript wrapper object will +// be created. +// +// In JavaScript inheritance is supported via a chain of prototype objects, and +// for each Objective-C class (and per JSContext) an object appropriate for use +// as a prototype will be provided. For the class NSObject the prototype object +// will be the JavaScript context's Object Prototype. For all other Objective-C +// classes a Prototype object will be created. The Prototype object for a given +// Objective-C class will have its internal [Prototype] property set to point to +// the Prototype object of the Objective-C class's superclass. As such the +// prototype chain for a JavaScript wrapper object will reflect the wrapped +// Objective-C type's inheritance hierarchy. +// +// In addition to the Prototype object a JavaScript Constructor object will also +// be produced for each Objective-C class. The Constructor object has a property +// named 'prototype' that references the Prototype object, and the Prototype +// object has a property named 'constructor' that references the Constructor. +// The Constructor object is not callable. +// +// By default no methods or properties of the Objective-C class will be exposed +// to JavaScript, however methods and properties may explicitly be exported. +// For each protocol that a class conforms to, if the protocol incorporates the +// protocol JSExport, then the protocol will be interpreted as a list of methods +// and properties to be exported to JavaScript. +// +// For each instance method being exported, a corresponding JavaScript function +// will be assigned as a property of the Prototype object, for each Objective-C +// property being exported a JavaScript accessor property will be created on the +// Prototype, and for each class method exported a JavaScript function will be +// created on the Constructor object. For example: +// +// @protocol MyClassJavaScriptMethods +// - (void)foo; +// @end +// +// @interface MyClass : NSObject +// - (void)foo; +// - (void)bar; +// @end +// +// Data properties that are created on the prototype or constructor objects have +// the attributes: writable:true, enumerable:false, configurable:true. Accessor +// properties have the attributes: enumerable:false and configurable:true. +// +// If an instance of MyClass is converted to a JavaScript value, the resulting +// wrapper object will (via its prototype) export the method "foo" to JavaScript, +// since the class conforms to the MyClassJavaScriptMethods protocol, and this +// protocol incorporates JSExport. "bar" will not be exported. +// +// Properties, arguments, and return values of the following types are +// supported: +// +// Primitive numbers: signed values of up to 32-bits are converted in a manner +// consistent with valueWithInt32/toInt32, unsigned values of up to 32-bits +// are converted in a manner consistent with valueWithUInt32/toUInt32, all +// other numeric values are converted consistently with valueWithDouble/ +// toDouble. +// BOOL: values are converted consistently with valueWithBool/toBool. +// id: values are converted consistently with valueWithObject/toObject. +// : - where the type is a pointer to a specified Objective-C +// class, conversion is consistent with valueWithObjectOfClass/toObject. +// struct types: C struct types are supported, where JSValue provides support +// for the given type. Support is built in for CGPoint, NSRange, CGRect, and +// CGSize. +// block types: In addition to support provided by valueWithObject/toObject for +// block types, if a JavaScript Function is passed as an argument, where the +// type required is a block with a void return value (and where the block's +// arguments are all of supported types), then a special adaptor block +// will be created, allowing the JavaScript function to be used in the place +// of a block. +// +// For any interface that conforms to JSExport the normal copying conversion for +// built in types will be inhibited - so, for example, if an instance that +// derives from NSString but conforms to JSExport is passed to valueWithObject: +// then a wrapper object for the Objective-C object will be returned rather than +// a JavaScript string primitive. +@protocol JSExport +@end + +// When a selector that takes one or more arguments is converted to a JavaScript +// property name, by default a property name will be generated by performing the +// following conversion: +// - All colons are removed from the selector +// - Any lowercase letter that had followed a colon will be capitalized. +// Under the default conversion a selector "doFoo:withBar:" will be exported as +// "doFooWithBar". The default conversion may be overriden using the JSExportAs +// macro, for example to export a method "doFoo:withBar:" as "doFoo": +// +// @protocol MyClassJavaScriptMethods +// JSExportAs(doFoo, +// - (void)doFoo:(id)foo withBar:(id)bar +// ); +// @end +// +// Note that the JSExport macro may only be applied to a selector that takes one +// or more argument. +#define JSExportAs(PropertyName, Selector) \ + @optional Selector __JS_EXPORT_AS__##PropertyName:(id)argument; @required Selector + +#endif diff --git a/JavaScriptCore/API/JSManagedValue.h b/JavaScriptCore/API/JSManagedValue.h new file mode 100755 index 00000000..af50194b --- /dev/null +++ b/JavaScriptCore/API/JSManagedValue.h @@ -0,0 +1,66 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSManagedValue_h +#define JSManagedValue_h + +#import + +#if JSC_OBJC_API_ENABLED + +@class JSValue; +@class JSContext; + +// JSManagedValue represents a "conditionally retained" JSValue. +// "Conditionally retained" means that as long as either the JSManagedValue +// JavaScript value is reachable through the JavaScript object graph +// or the JSManagedValue object is reachable through the external Objective-C +// object graph as reported to the JSVirtualMachine using +// addManagedReference:withOwner:, the corresponding JavaScript value will +// be retained. However, if neither of these conditions are true, the +// corresponding JSValue will be released and set to nil. +// +// The primary use case for JSManagedValue is for safely referencing JSValues +// from the Objective-C heap. It is incorrect to store a JSValue into an +// Objective-C heap object, as this can very easily create a reference cycle, +// keeping the entire JSContext alive. +//NS_CLASS_AVAILABLE(10_9, NA) +@interface JSManagedValue : NSObject + +// Convenience method for creating JSManagedValues from JSValues. ++ (JSManagedValue *)managedValueWithValue:(JSValue *)value; + +// Create a JSManagedValue. +- (id)initWithValue:(JSValue *)value; + +// Get the JSValue to which this JSManagedValue refers. If the JavaScript value has been collected, +// this method returns nil. +- (JSValue *)value; + +@end + +#endif // JSC_OBJC_API_ENABLED + +#endif // JSManagedValue_h diff --git a/JavaScriptCore/API/JSManagedValue.mm b/JavaScriptCore/API/JSManagedValue.mm new file mode 100755 index 00000000..758082f9 --- /dev/null +++ b/JavaScriptCore/API/JSManagedValue.mm @@ -0,0 +1,117 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + + +#import "config.h" +#import "JSManagedValue.h" + +#if JSC_OBJC_API_ENABLED + +#import "APICast.h" +#import "Heap.h" +#import "JSContextInternal.h" +#import "JSValueInternal.h" +#import "Weak.h" +#import "WeakHandleOwner.h" +#import "ObjcRuntimeExtras.h" +#import "Operations.h" + +class JSManagedValueHandleOwner : public JSC::WeakHandleOwner { +public: + virtual void finalize(JSC::Handle, void* context); + virtual bool isReachableFromOpaqueRoots(JSC::Handle, void* context, JSC::SlotVisitor&); +}; + +static JSManagedValueHandleOwner* managedValueHandleOwner() +{ + DEFINE_STATIC_LOCAL(JSManagedValueHandleOwner, jsManagedValueHandleOwner, ()); + return &jsManagedValueHandleOwner; +} + +@implementation JSManagedValue { + JSC::Weak m_value; +} + ++ (JSManagedValue *)managedValueWithValue:(JSValue *)value +{ + return [[[self alloc] initWithValue:value] autorelease]; +} + +- (id)init +{ + return [self initWithValue:nil]; +} + +- (id)initWithValue:(JSValue *)value +{ + self = [super init]; + if (!self) + return nil; + + if (!value || !JSValueIsObject([value.context JSGlobalContextRef], [value JSValueRef])) { + JSC::Weak weak; + m_value.swap(weak); + } else { + JSC::JSObject* object = toJS(const_cast([value JSValueRef])); + JSC::Weak weak(object, managedValueHandleOwner(), self); + m_value.swap(weak); + } + + return self; +} + +- (JSValue *)value +{ + if (!m_value) + return nil; + JSC::JSObject* object = m_value.get(); + JSContext *context = [JSContext contextWithJSGlobalContextRef:toGlobalRef(object->structure()->globalObject()->globalExec())]; + return [JSValue valueWithJSValueRef:toRef(object) inContext:context]; +} + +- (void)disconnectValue +{ + m_value.clear(); +} + +@end + +@interface JSManagedValue (PrivateMethods) +- (void)disconnectValue; +@end + +bool JSManagedValueHandleOwner::isReachableFromOpaqueRoots(JSC::Handle, void* context, JSC::SlotVisitor& visitor) +{ + JSManagedValue *managedValue = static_cast(context); + return visitor.containsOpaqueRoot(managedValue); +} + +void JSManagedValueHandleOwner::finalize(JSC::Handle, void* context) +{ + JSManagedValue *managedValue = static_cast(context); + [managedValue disconnectValue]; +} + +#endif // JSC_OBJC_API_ENABLED diff --git a/JavaScriptCore/API/JSObjectRef.cpp b/JavaScriptCore/API/JSObjectRef.cpp old mode 100644 new mode 100755 index e01214d5..5e6baa03 --- a/JavaScriptCore/API/JSObjectRef.cpp +++ b/JavaScriptCore/API/JSObjectRef.cpp @@ -29,12 +29,15 @@ #include "JSObjectRefPrivate.h" #include "APICast.h" +#include "ButterflyInlines.h" #include "CodeBlock.h" +#include "CopiedSpaceInlines.h" #include "DateConstructor.h" #include "ErrorConstructor.h" #include "FunctionConstructor.h" #include "Identifier.h" #include "InitializeThreading.h" +#include "JSAPIWrapperObject.h" #include "JSArray.h" #include "JSCallbackConstructor.h" #include "JSCallbackFunction.h" @@ -46,7 +49,9 @@ #include "JSRetainPtr.h" #include "JSString.h" #include "JSValueRef.h" +#include "ObjectConstructor.h" #include "ObjectPrototype.h" +#include "Operations.h" #include "PropertyNameArray.h" #include "RegExpConstructor.h" @@ -75,31 +80,40 @@ void JSClassRelease(JSClassRef jsClass) JSObjectRef JSObjectMake(JSContextRef ctx, JSClassRef jsClass, void* data) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); if (!jsClass) return toRef(constructEmptyObject(exec)); - JSCallbackObject* object = JSCallbackObject::create(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->callbackObjectStructure(), jsClass, data); + JSCallbackObject* object = JSCallbackObject::create(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->callbackObjectStructure(), jsClass, data); if (JSObject* prototype = jsClass->prototype(exec)) - object->setPrototype(exec->globalData(), prototype); + object->setPrototype(exec->vm(), prototype); return toRef(object); } JSObjectRef JSObjectMakeFunctionWithCallback(JSContextRef ctx, JSStringRef name, JSObjectCallAsFunctionCallback callAsFunction) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - - Identifier nameID = name ? name->identifier(&exec->globalData()) : Identifier(exec, "anonymous"); - - return toRef(JSCallbackFunction::create(exec, exec->lexicalGlobalObject(), callAsFunction, nameID)); + return toRef(JSCallbackFunction::create(exec, exec->lexicalGlobalObject(), callAsFunction, name ? name->string() : ASCIILiteral("anonymous"))); } JSObjectRef JSObjectMakeConstructor(JSContextRef ctx, JSClassRef jsClass, JSObjectCallAsConstructorCallback callAsConstructor) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -108,23 +122,27 @@ JSObjectRef JSObjectMakeConstructor(JSContextRef ctx, JSClassRef jsClass, JSObje jsPrototype = exec->lexicalGlobalObject()->objectPrototype(); JSCallbackConstructor* constructor = JSCallbackConstructor::create(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->callbackConstructorStructure(), jsClass, callAsConstructor); - constructor->putDirect(exec->globalData(), exec->propertyNames().prototype, jsPrototype, DontEnum | DontDelete | ReadOnly); + constructor->putDirect(exec->vm(), exec->propertyNames().prototype, jsPrototype, DontEnum | DontDelete | ReadOnly); return toRef(constructor); } JSObjectRef JSObjectMakeFunction(JSContextRef ctx, JSStringRef name, unsigned parameterCount, const JSStringRef parameterNames[], JSStringRef body, JSStringRef sourceURL, int startingLineNumber, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - Identifier nameID = name ? name->identifier(&exec->globalData()) : Identifier(exec, "anonymous"); + Identifier nameID = name ? name->identifier(&exec->vm()) : Identifier(exec, "anonymous"); MarkedArgumentBuffer args; for (unsigned i = 0; i < parameterCount; i++) - args.append(jsString(exec, parameterNames[i]->ustring())); - args.append(jsString(exec, body->ustring())); + args.append(jsString(exec, parameterNames[i]->string())); + args.append(jsString(exec, body->string())); - JSObject* result = constructFunction(exec, exec->lexicalGlobalObject(), args, nameID, sourceURL->ustring(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())); + JSObject* result = constructFunction(exec, exec->lexicalGlobalObject(), args, nameID, sourceURL->string(), TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())); if (exec->hadException()) { if (exception) *exception = toRef(exec, exec->exception()); @@ -136,6 +154,10 @@ JSObjectRef JSObjectMakeFunction(JSContextRef ctx, JSStringRef name, unsigned pa JSObjectRef JSObjectMakeArray(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -145,9 +167,9 @@ JSObjectRef JSObjectMakeArray(JSContextRef ctx, size_t argumentCount, const JSVa for (size_t i = 0; i < argumentCount; ++i) argList.append(toJS(exec, arguments[i])); - result = constructArray(exec, argList); + result = constructArray(exec, static_cast(0), argList); } else - result = constructEmptyArray(exec); + result = constructEmptyArray(exec, 0); if (exec->hadException()) { if (exception) @@ -161,6 +183,10 @@ JSObjectRef JSObjectMakeArray(JSContextRef ctx, size_t argumentCount, const JSVa JSObjectRef JSObjectMakeDate(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -181,6 +207,10 @@ JSObjectRef JSObjectMakeDate(JSContextRef ctx, size_t argumentCount, const JSVal JSObjectRef JSObjectMakeError(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -200,6 +230,10 @@ JSObjectRef JSObjectMakeError(JSContextRef ctx, size_t argumentCount, const JSVa JSObjectRef JSObjectMakeRegExp(JSContextRef ctx, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -220,6 +254,10 @@ JSObjectRef JSObjectMakeRegExp(JSContextRef ctx, size_t argumentCount, const JSV JSValueRef JSObjectGetPrototype(JSContextRef ctx, JSObjectRef object) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -229,33 +267,45 @@ JSValueRef JSObjectGetPrototype(JSContextRef ctx, JSObjectRef object) void JSObjectSetPrototype(JSContextRef ctx, JSObjectRef object, JSValueRef value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); JSObject* jsObject = toJS(object); JSValue jsValue = toJS(exec, value); - jsObject->setPrototypeWithCycleCheck(exec->globalData(), jsValue.isObject() ? jsValue : jsNull()); + jsObject->setPrototypeWithCycleCheck(exec, jsValue.isObject() ? jsValue : jsNull()); } bool JSObjectHasProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); JSObject* jsObject = toJS(object); - return jsObject->hasProperty(exec, propertyName->identifier(&exec->globalData())); + return jsObject->hasProperty(exec, propertyName->identifier(&exec->vm())); } JSValueRef JSObjectGetProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); JSObject* jsObject = toJS(object); - JSValue jsValue = jsObject->get(exec, propertyName->identifier(&exec->globalData())); + JSValue jsValue = jsObject->get(exec, propertyName->identifier(&exec->vm())); if (exec->hadException()) { if (exception) *exception = toRef(exec, exec->exception()); @@ -266,16 +316,21 @@ JSValueRef JSObjectGetProperty(JSContextRef ctx, JSObjectRef object, JSStringRef void JSObjectSetProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef value, JSPropertyAttributes attributes, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); JSObject* jsObject = toJS(object); - Identifier name(propertyName->identifier(&exec->globalData())); + Identifier name(propertyName->identifier(&exec->vm())); JSValue jsValue = toJS(exec, value); - if (attributes && !jsObject->hasProperty(exec, name)) - jsObject->methodTable()->putDirectVirtual(jsObject, exec, name, jsValue, attributes); - else { + if (attributes && !jsObject->hasProperty(exec, name)) { + PropertyDescriptor desc(jsValue, attributes); + jsObject->methodTable()->defineOwnProperty(jsObject, exec, name, desc, false); + } else { PutPropertySlot slot; jsObject->methodTable()->put(jsObject, exec, name, jsValue, slot); } @@ -289,6 +344,10 @@ void JSObjectSetProperty(JSContextRef ctx, JSObjectRef object, JSStringRef prope JSValueRef JSObjectGetPropertyAtIndex(JSContextRef ctx, JSObjectRef object, unsigned propertyIndex, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -306,6 +365,10 @@ JSValueRef JSObjectGetPropertyAtIndex(JSContextRef ctx, JSObjectRef object, unsi void JSObjectSetPropertyAtIndex(JSContextRef ctx, JSObjectRef object, unsigned propertyIndex, JSValueRef value, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -322,12 +385,16 @@ void JSObjectSetPropertyAtIndex(JSContextRef ctx, JSObjectRef object, unsigned p bool JSObjectDeleteProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); JSObject* jsObject = toJS(object); - bool result = jsObject->methodTable()->deleteProperty(jsObject, exec, propertyName->identifier(&exec->globalData())); + bool result = jsObject->methodTable()->deleteProperty(jsObject, exec, propertyName->identifier(&exec->vm())); if (exec->hadException()) { if (exception) *exception = toRef(exec, exec->exception()); @@ -338,28 +405,38 @@ bool JSObjectDeleteProperty(JSContextRef ctx, JSObjectRef object, JSStringRef pr void* JSObjectGetPrivate(JSObjectRef object) { - JSObject* jsObject = toJS(object); + JSObject* jsObject = uncheckedToJS(object); - if (jsObject->inherits(&JSCallbackObject::s_info)) + if (jsObject->inherits(JSCallbackObject::info())) return jsCast*>(jsObject)->getPrivate(); - if (jsObject->inherits(&JSCallbackObject::s_info)) - return jsCast*>(jsObject)->getPrivate(); + if (jsObject->inherits(JSCallbackObject::info())) + return jsCast*>(jsObject)->getPrivate(); +#if JSC_OBJC_API_ENABLED + if (jsObject->inherits(JSCallbackObject::info())) + return jsCast*>(jsObject)->getPrivate(); +#endif return 0; } bool JSObjectSetPrivate(JSObjectRef object, void* data) { - JSObject* jsObject = toJS(object); + JSObject* jsObject = uncheckedToJS(object); - if (jsObject->inherits(&JSCallbackObject::s_info)) { + if (jsObject->inherits(JSCallbackObject::info())) { jsCast*>(jsObject)->setPrivate(data); return true; } - if (jsObject->inherits(&JSCallbackObject::s_info)) { - jsCast*>(jsObject)->setPrivate(data); + if (jsObject->inherits(JSCallbackObject::info())) { + jsCast*>(jsObject)->setPrivate(data); + return true; + } +#if JSC_OBJC_API_ENABLED + if (jsObject->inherits(JSCallbackObject::info())) { + jsCast*>(jsObject)->setPrivate(data); return true; } +#endif return false; } @@ -370,11 +447,15 @@ JSValueRef JSObjectGetPrivateProperty(JSContextRef ctx, JSObjectRef object, JSSt APIEntryShim entryShim(exec); JSObject* jsObject = toJS(object); JSValue result; - Identifier name(propertyName->identifier(&exec->globalData())); - if (jsObject->inherits(&JSCallbackObject::s_info)) + Identifier name(propertyName->identifier(&exec->vm())); + if (jsObject->inherits(JSCallbackObject::info())) result = jsCast*>(jsObject)->getPrivateProperty(name); - else if (jsObject->inherits(&JSCallbackObject::s_info)) - result = jsCast*>(jsObject)->getPrivateProperty(name); + else if (jsObject->inherits(JSCallbackObject::info())) + result = jsCast*>(jsObject)->getPrivateProperty(name); +#if JSC_OBJC_API_ENABLED + else if (jsObject->inherits(JSCallbackObject::info())) + result = jsCast*>(jsObject)->getPrivateProperty(name); +#endif return toRef(exec, result); } @@ -384,15 +465,21 @@ bool JSObjectSetPrivateProperty(JSContextRef ctx, JSObjectRef object, JSStringRe APIEntryShim entryShim(exec); JSObject* jsObject = toJS(object); JSValue jsValue = value ? toJS(exec, value) : JSValue(); - Identifier name(propertyName->identifier(&exec->globalData())); - if (jsObject->inherits(&JSCallbackObject::s_info)) { - jsCast*>(jsObject)->setPrivateProperty(exec->globalData(), name, jsValue); + Identifier name(propertyName->identifier(&exec->vm())); + if (jsObject->inherits(JSCallbackObject::info())) { + jsCast*>(jsObject)->setPrivateProperty(exec->vm(), name, jsValue); return true; } - if (jsObject->inherits(&JSCallbackObject::s_info)) { - jsCast*>(jsObject)->setPrivateProperty(exec->globalData(), name, jsValue); + if (jsObject->inherits(JSCallbackObject::info())) { + jsCast*>(jsObject)->setPrivateProperty(exec->vm(), name, jsValue); return true; } +#if JSC_OBJC_API_ENABLED + if (jsObject->inherits(JSCallbackObject::info())) { + jsCast*>(jsObject)->setPrivateProperty(exec->vm(), name, jsValue); + return true; + } +#endif return false; } @@ -401,20 +488,28 @@ bool JSObjectDeletePrivateProperty(JSContextRef ctx, JSObjectRef object, JSStrin ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); JSObject* jsObject = toJS(object); - Identifier name(propertyName->identifier(&exec->globalData())); - if (jsObject->inherits(&JSCallbackObject::s_info)) { + Identifier name(propertyName->identifier(&exec->vm())); + if (jsObject->inherits(JSCallbackObject::info())) { jsCast*>(jsObject)->deletePrivateProperty(name); return true; } - if (jsObject->inherits(&JSCallbackObject::s_info)) { - jsCast*>(jsObject)->deletePrivateProperty(name); + if (jsObject->inherits(JSCallbackObject::info())) { + jsCast*>(jsObject)->deletePrivateProperty(name); return true; } +#if JSC_OBJC_API_ENABLED + if (jsObject->inherits(JSCallbackObject::info())) { + jsCast*>(jsObject)->deletePrivateProperty(name); + return true; + } +#endif return false; } bool JSObjectIsFunction(JSContextRef, JSObjectRef object) { + if (!object) + return false; CallData callData; JSCell* cell = toJS(object); return cell->methodTable()->getCallData(cell, callData) != CallTypeNone; @@ -425,6 +520,9 @@ JSValueRef JSObjectCallAsFunction(JSContextRef ctx, JSObjectRef object, JSObject ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); + if (!object) + return 0; + JSObject* jsObject = toJS(object); JSObject* jsThisObject = toJS(thisObject); @@ -452,6 +550,8 @@ JSValueRef JSObjectCallAsFunction(JSContextRef ctx, JSObjectRef object, JSObject bool JSObjectIsConstructor(JSContextRef, JSObjectRef object) { + if (!object) + return false; JSObject* jsObject = toJS(object); ConstructData constructData; return jsObject->methodTable()->getConstructData(jsObject, constructData) != ConstructTypeNone; @@ -462,6 +562,9 @@ JSObjectRef JSObjectCallAsConstructor(JSContextRef ctx, JSObjectRef object, size ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); + if (!object) + return 0; + JSObject* jsObject = toJS(object); ConstructData constructData; @@ -485,33 +588,37 @@ JSObjectRef JSObjectCallAsConstructor(JSContextRef ctx, JSObjectRef object, size struct OpaqueJSPropertyNameArray { WTF_MAKE_FAST_ALLOCATED; public: - OpaqueJSPropertyNameArray(JSGlobalData* globalData) + OpaqueJSPropertyNameArray(VM* vm) : refCount(0) - , globalData(globalData) + , vm(vm) { } unsigned refCount; - JSGlobalData* globalData; + VM* vm; Vector > array; }; JSPropertyNameArrayRef JSObjectCopyPropertyNames(JSContextRef ctx, JSObjectRef object) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } JSObject* jsObject = toJS(object); ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - JSGlobalData* globalData = &exec->globalData(); + VM* vm = &exec->vm(); - JSPropertyNameArrayRef propertyNames = new OpaqueJSPropertyNameArray(globalData); - PropertyNameArray array(globalData); + JSPropertyNameArrayRef propertyNames = new OpaqueJSPropertyNameArray(vm); + PropertyNameArray array(vm); jsObject->methodTable()->getPropertyNames(jsObject, exec, array, ExcludeDontEnumProperties); size_t size = array.size(); propertyNames->array.reserveInitialCapacity(size); for (size_t i = 0; i < size; ++i) - propertyNames->array.append(JSRetainPtr(Adopt, OpaqueJSString::create(array[i].ustring()).leakRef())); + propertyNames->array.uncheckedAppend(JSRetainPtr(Adopt, OpaqueJSString::create(array[i].string()).leakRef())); return JSPropertyNameArrayRetain(propertyNames); } @@ -525,7 +632,7 @@ JSPropertyNameArrayRef JSPropertyNameArrayRetain(JSPropertyNameArrayRef array) void JSPropertyNameArrayRelease(JSPropertyNameArrayRef array) { if (--array->refCount == 0) { - APIEntryShim entryShim(array->globalData, false); + APIEntryShim entryShim(array->vm, false); delete array; } } @@ -543,6 +650,6 @@ JSStringRef JSPropertyNameArrayGetNameAtIndex(JSPropertyNameArrayRef array, size void JSPropertyNameAccumulatorAddName(JSPropertyNameAccumulatorRef array, JSStringRef propertyName) { PropertyNameArray* propertyNames = toJS(array); - APIEntryShim entryShim(propertyNames->globalData()); - propertyNames->add(propertyName->identifier(propertyNames->globalData())); + APIEntryShim entryShim(propertyNames->vm()); + propertyNames->add(propertyName->identifier(propertyNames->vm())); } diff --git a/JavaScriptCore/API/JSObjectRef.h b/JavaScriptCore/API/JSObjectRef.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSObjectRefPrivate.h b/JavaScriptCore/API/JSObjectRefPrivate.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSProfilerPrivate.cpp b/JavaScriptCore/API/JSProfilerPrivate.cpp old mode 100644 new mode 100755 index ea277f05..0405b4b2 --- a/JavaScriptCore/API/JSProfilerPrivate.cpp +++ b/JavaScriptCore/API/JSProfilerPrivate.cpp @@ -27,20 +27,20 @@ #include "JSProfilerPrivate.h" #include "APICast.h" +#include "LegacyProfiler.h" #include "OpaqueJSString.h" -#include "Profiler.h" using namespace JSC; void JSStartProfiling(JSContextRef ctx, JSStringRef title) { - Profiler::profiler()->startProfiling(toJS(ctx), title->ustring()); + LegacyProfiler::profiler()->startProfiling(toJS(ctx), title->string()); } void JSEndProfiling(JSContextRef ctx, JSStringRef title) { ExecState* exec = toJS(ctx); - Profiler* profiler = Profiler::profiler(); - profiler->stopProfiling(exec, title->ustring()); + LegacyProfiler* profiler = LegacyProfiler::profiler(); + profiler->stopProfiling(exec, title->string()); } diff --git a/JavaScriptCore/API/JSProfilerPrivate.h b/JavaScriptCore/API/JSProfilerPrivate.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSRetainPtr.h b/JavaScriptCore/API/JSRetainPtr.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSScriptRef.cpp b/JavaScriptCore/API/JSScriptRef.cpp new file mode 100755 index 00000000..8a5f3caf --- /dev/null +++ b/JavaScriptCore/API/JSScriptRef.cpp @@ -0,0 +1,151 @@ +/* + * Copyright (C) 2012 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include "APICast.h" +#include "APIShims.h" +#include "Completion.h" +#include "JSBasePrivate.h" +#include "VM.h" +#include "JSScriptRefPrivate.h" +#include "OpaqueJSString.h" +#include "Operations.h" +#include "Parser.h" +#include "SourceCode.h" +#include "SourceProvider.h" + +using namespace JSC; + +struct OpaqueJSScript : public SourceProvider { +public: + static WTF::PassRefPtr create(VM* vm, const String& url, int startingLineNumber, const String& source) + { + return WTF::adoptRef(new OpaqueJSScript(vm, url, startingLineNumber, source)); + } + + const String& source() const OVERRIDE + { + return m_source; + } + + VM* vm() const { return m_vm; } + +private: + OpaqueJSScript(VM* vm, const String& url, int startingLineNumber, const String& source) + : SourceProvider(url, TextPosition(OrdinalNumber::fromOneBasedInt(startingLineNumber), OrdinalNumber::first())) + , m_vm(vm) + , m_source(source) + { + } + + ~OpaqueJSScript() { } + + VM* m_vm; + String m_source; +}; + +static bool parseScript(VM* vm, const SourceCode& source, ParserError& error) +{ + return JSC::parse(vm, source, 0, Identifier(), JSParseNormal, JSParseProgramCode, error); +} + +extern "C" { + +JSScriptRef JSScriptCreateReferencingImmortalASCIIText(JSContextGroupRef contextGroup, JSStringRef url, int startingLineNumber, const char* source, size_t length, JSStringRef* errorMessage, int* errorLine) +{ + VM* vm = toJS(contextGroup); + APIEntryShim entryShim(vm); + for (size_t i = 0; i < length; i++) { + if (!isASCII(source[i])) + return 0; + } + + RefPtr result = OpaqueJSScript::create(vm, url->string(), startingLineNumber, String(StringImpl::createFromLiteral(source, length))); + + ParserError error; + if (!parseScript(vm, SourceCode(result), error)) { + if (errorMessage) + *errorMessage = OpaqueJSString::create(error.m_message).leakRef(); + if (errorLine) + *errorLine = error.m_line; + return 0; + } + + return result.release().leakRef(); +} + +JSScriptRef JSScriptCreateFromString(JSContextGroupRef contextGroup, JSStringRef url, int startingLineNumber, JSStringRef source, JSStringRef* errorMessage, int* errorLine) +{ + VM* vm = toJS(contextGroup); + APIEntryShim entryShim(vm); + + RefPtr result = OpaqueJSScript::create(vm, url->string(), startingLineNumber, source->string()); + + ParserError error; + if (!parseScript(vm, SourceCode(result), error)) { + if (errorMessage) + *errorMessage = OpaqueJSString::create(error.m_message).leakRef(); + if (errorLine) + *errorLine = error.m_line; + return 0; + } + + return result.release().leakRef(); +} + +void JSScriptRetain(JSScriptRef script) +{ + APIEntryShim entryShim(script->vm()); + script->ref(); +} + +void JSScriptRelease(JSScriptRef script) +{ + APIEntryShim entryShim(script->vm()); + script->deref(); +} + +JSValueRef JSScriptEvaluate(JSContextRef context, JSScriptRef script, JSValueRef thisValueRef, JSValueRef* exception) +{ + ExecState* exec = toJS(context); + APIEntryShim entryShim(exec); + if (script->vm() != &exec->vm()) { + RELEASE_ASSERT_NOT_REACHED(); + return 0; + } + JSValue internalException; + JSValue thisValue = thisValueRef ? toJS(exec, thisValueRef) : jsUndefined(); + JSValue result = evaluate(exec, SourceCode(script), thisValue, &internalException); + if (internalException) { + if (exception) + *exception = toRef(exec, internalException); + return 0; + } + ASSERT(result); + return toRef(exec, result); +} + +} diff --git a/JavaScriptCore/API/JSScriptRefPrivate.h b/JavaScriptCore/API/JSScriptRefPrivate.h new file mode 100755 index 00000000..e1992052 --- /dev/null +++ b/JavaScriptCore/API/JSScriptRefPrivate.h @@ -0,0 +1,99 @@ +/* + * Copyright (C) 2012 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSScriptRefPrivate_h +#define JSScriptRefPrivate_h + +#include +#include +#include + +/*! @typedef JSScriptRef A JavaScript script reference. */ +typedef struct OpaqueJSScript* JSScriptRef; + +#ifdef __cplusplus +extern "C" { +#endif + +/*! + @function + @abstract Creates a script reference from an ascii string, without copying or taking ownership of the string + @param contextGroup The context group the script is to be used in. + @param url The source url to be reported in errors and exceptions. + @param startingLineNumber An integer value specifying the script's starting line number in the file located at sourceURL. This is only used when reporting exceptions. + @param source The source string. This is required to be pure ASCII and to never be deallocated. + @param length The length of the source string. + @param errorMessage A pointer to a JSStringRef in which to store the parse error message if the source is not valid. Pass NULL if you do not care to store an error message. + @param errorLine A pointer to an int in which to store the line number of a parser error. Pass NULL if you do not care to store an error line. + @result A JSScriptRef for the provided source, or NULL if any non-ASCII character is found in source or if the source is not a valid JavaScript program. Ownership follows the Create Rule. + @discussion Use this function to create a reusable script reference with a constant + buffer as the backing string. The source string must outlive the global context. + */ +JS_EXPORT JSScriptRef JSScriptCreateReferencingImmortalASCIIText(JSContextGroupRef contextGroup, JSStringRef url, int startingLineNumber, const char* source, size_t length, JSStringRef* errorMessage, int* errorLine); + +/*! + @function + @abstract Creates a script reference from a string + @param contextGroup The context group the script is to be used in. + @param url The source url to be reported in errors and exceptions. + @param startingLineNumber An integer value specifying the script's starting line number in the file located at sourceURL. This is only used when reporting exceptions. + @param source The source string. + @param errorMessage A pointer to a JSStringRef in which to store the parse error message if the source is not valid. Pass NULL if you do not care to store an error message. + @param errorLine A pointer to an int in which to store the line number of a parser error. Pass NULL if you do not care to store an error line. + @result A JSScriptRef for the provided source, or NULL is the source is not a valid JavaScript program. Ownership follows the Create Rule. + */ +JS_EXPORT JSScriptRef JSScriptCreateFromString(JSContextGroupRef contextGroup, JSStringRef url, int startingLineNumber, JSStringRef source, JSStringRef* errorMessage, int* errorLine); + +/*! + @function + @abstract Retains a JavaScript script. + @param script The script to retain. + */ +JS_EXPORT void JSScriptRetain(JSScriptRef script); + +/*! + @function + @abstract Releases a JavaScript script. + @param script The script to release. + */ +JS_EXPORT void JSScriptRelease(JSScriptRef script); + +/*! + @function + @abstract Evaluates a JavaScript script. + @param ctx The execution context to use. + @param script The JSScript to evaluate. + @param thisValue The value to use as "this" when evaluating the script. + @param exception A pointer to a JSValueRef in which to store an exception, if any. Pass NULL if you do not care to store an exception. + @result The JSValue that results from evaluating script, or NULL if an exception is thrown. + */ +JS_EXPORT JSValueRef JSScriptEvaluate(JSContextRef ctx, JSScriptRef script, JSValueRef thisValue, JSValueRef* exception); + + +#ifdef __cplusplus +} +#endif + +#endif /* JSScriptRefPrivate_h */ diff --git a/JavaScriptCore/API/JSStringRef.cpp b/JavaScriptCore/API/JSStringRef.cpp old mode 100644 new mode 100755 index ea31da66..a03afed5 --- a/JavaScriptCore/API/JSStringRef.cpp +++ b/JavaScriptCore/API/JSStringRef.cpp @@ -25,6 +25,7 @@ #include "config.h" #include "JSStringRef.h" +#include "JSStringRefPrivate.h" #include "InitializeThreading.h" #include "OpaqueJSString.h" @@ -46,14 +47,24 @@ JSStringRef JSStringCreateWithUTF8CString(const char* string) size_t length = strlen(string); Vector buffer(length); UChar* p = buffer.data(); - if (conversionOK == convertUTF8ToUTF16(&string, string + length, &p, p + length)) + bool sourceIsAllASCII; + const LChar* stringStart = reinterpret_cast(string); + if (conversionOK == convertUTF8ToUTF16(&string, string + length, &p, p + length, &sourceIsAllASCII)) { + if (sourceIsAllASCII) + return OpaqueJSString::create(stringStart, length).leakRef(); return OpaqueJSString::create(buffer.data(), p - buffer.data()).leakRef(); + } } - // Null string. return OpaqueJSString::create().leakRef(); } +JSStringRef JSStringCreateWithCharactersNoCopy(const JSChar* chars, size_t numChars) +{ + initializeThreading(); + return OpaqueJSString::create(StringImpl::createWithoutCopying(chars, numChars)).leakRef(); +} + JSStringRef JSStringRetain(JSStringRef string) { string->ref(); diff --git a/JavaScriptCore/API/JSStringRef.h b/JavaScriptCore/API/JSStringRef.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSStringRefBSTR.cpp b/JavaScriptCore/API/JSStringRefBSTR.cpp old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSStringRefBSTR.h b/JavaScriptCore/API/JSStringRefBSTR.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSStringRefCF.cpp b/JavaScriptCore/API/JSStringRefCF.cpp old mode 100644 new mode 100755 index 0877a13e..64d2d625 --- a/JavaScriptCore/API/JSStringRefCF.cpp +++ b/JavaScriptCore/API/JSStringRefCF.cpp @@ -30,8 +30,7 @@ #include "InitializeThreading.h" #include "JSStringRef.h" #include "OpaqueJSString.h" -#include -#include +#include #include JSStringRef JSStringCreateWithCFString(CFStringRef string) @@ -42,13 +41,19 @@ JSStringRef JSStringCreateWithCFString(CFStringRef string) // it can hold. () size_t length = CFStringGetLength(string); if (length) { + Vector lcharBuffer(length); + CFIndex usedBufferLength; + CFIndex convertedSize = CFStringGetBytes(string, CFRangeMake(0, length), kCFStringEncodingISOLatin1, 0, false, lcharBuffer.data(), length, &usedBufferLength); + if (static_cast(convertedSize) == length && static_cast(usedBufferLength) == length) + return OpaqueJSString::create(lcharBuffer.data(), length).leakRef(); + OwnArrayPtr buffer = adoptArrayPtr(new UniChar[length]); CFStringGetCharacters(string, CFRangeMake(0, length), buffer.get()); COMPILE_ASSERT(sizeof(UniChar) == sizeof(UChar), unichar_and_uchar_must_be_same_size); return OpaqueJSString::create(reinterpret_cast(buffer.get()), length).leakRef(); - } else { - return OpaqueJSString::create(0, 0).leakRef(); } + + return OpaqueJSString::create(reinterpret_cast(""), 0).leakRef(); } CFStringRef JSStringCopyCFString(CFAllocatorRef alloc, JSStringRef string) diff --git a/JavaScriptCore/API/JSStringRefCF.h b/JavaScriptCore/API/JSStringRefCF.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSStringRefPrivate.h b/JavaScriptCore/API/JSStringRefPrivate.h new file mode 100755 index 00000000..f1db806e --- /dev/null +++ b/JavaScriptCore/API/JSStringRefPrivate.h @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSStringRefPrivate_h +#define JSStringRefPrivate_h + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +JS_EXPORT JSStringRef JSStringCreateWithCharactersNoCopy(const JSChar* chars, size_t numChars); + +#ifdef __cplusplus +} +#endif + +#endif /* JSStringRefPrivate_h */ diff --git a/JavaScriptCore/API/JSStringRefQt.cpp b/JavaScriptCore/API/JSStringRefQt.cpp new file mode 100755 index 00000000..259bad8e --- /dev/null +++ b/JavaScriptCore/API/JSStringRefQt.cpp @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2006, 2007 Apple Computer, Inc. All rights reserved. + * Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies). + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#include "JSStringRefQt.h" + +#include "APICast.h" +#include "InitializeThreading.h" +#include "JSStringRef.h" +#include "OpaqueJSString.h" +#include +#include + +QString JSStringCopyQString(JSStringRef string) +{ + return string->qString(); +} + +JSRetainPtr JSStringCreateWithQString(const QString& qString) +{ + RefPtr jsString = OpaqueJSString::create(qString); + + if (jsString) + return JSRetainPtr(Adopt, jsString.release().leakRef()); + + return JSRetainPtr(Adopt, OpaqueJSString::create().leakRef()); +} diff --git a/JavaScriptCore/API/JSStringRefQt.h b/JavaScriptCore/API/JSStringRefQt.h new file mode 100755 index 00000000..63a059fd --- /dev/null +++ b/JavaScriptCore/API/JSStringRefQt.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2006, 2007 Apple Computer, Inc. All rights reserved. + * Copyright (C) 2013 Digia Plc and/or its subsidiary(-ies). + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSStringRefQt_h +#define JSStringRefQt_h + +#include "JSBase.h" +#include "JSRetainPtr.h" +#include + +/* QString convenience methods */ + +/*! +@function +@abstract Creates a QString from a JavaScript string. +@param string The JSString to copy into the new QString. +@result A QString containing string. +*/ +JS_EXPORT QString JSStringCopyQString(JSStringRef string); +JS_EXPORT JSRetainPtr JSStringCreateWithQString(const QString&); + +#endif /* JSStringRefQt_h */ diff --git a/JavaScriptCore/API/JSValue.h b/JavaScriptCore/API/JSValue.h new file mode 100755 index 00000000..48e1d637 --- /dev/null +++ b/JavaScriptCore/API/JSValue.h @@ -0,0 +1,308 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSValue_h +#define JSValue_h + +#if JSC_OBJC_API_ENABLED + +#import + +@class JSContext; + +// A JSValue is a reference to a value within the JavaScript object space of a +// JSVirtualMachine. All instances of JSValue originate from a JSContext and +// hold a strong reference to this JSContext. As long as any value associated with +// a particular JSContext is retained, that JSContext will remain alive. +// Where an instance method is invoked upon a JSValue, and this returns another +// JSValue, the returned JSValue will originate from the same JSContext as the +// JSValue on which the method was invoked. +// +// For all methods taking arguments of type id, arguments will be converted +// into a JavaScript value according to the conversion specified below. +// All JavaScript values are associated with a particular JSVirtualMachine +// (the associated JSVirtualMachine is available indirectly via the context +// property). An instance of JSValue may only be passed as an argument to +// methods on instances of JSValue and JSContext that belong to the same +// JSVirtualMachine - passing a JSValue to a method on an object originating +// from a different JSVirtualMachine will result in an Objective-C exception +// being raised. +// +// Conversion between Objective-C and JavaScript types. +// +// When converting between JavaScript values and Objective-C objects a copy is +// performed. Values of types listed below are copied to the corresponding +// types on conversion in each direction. For NSDictionaries, entries in the +// dictionary that are keyed by strings are copied onto a JavaScript object. +// For dictionaries and arrays, conversion is recursive, with the same object +// conversion being applied to all entries in the collection. +// +// Objective-C type | JavaScript type +// --------------------+--------------------- +// nil | undefined +// NSNull | null +// NSString | string +// NSNumber | number, boolean +// NSDictionary | Object object +// NSArray | Array object +// NSDate | Date object +// NSBlock * | Function object * +// id ** | Wrapper object ** +// Class *** | Constructor object *** +// +// * Instances of NSBlock with supported arguments types will be presented to +// JavaScript as a callable Function object. For more information on supported +// argument types see JSExport.h. If a JavaScript Function originating from an +// Objective-C block is converted back to an Objective-C object the block will +// be returned. All other JavaScript functions will be converted in the same +// manner as a JavaScript object of type Object. +// +// ** For Objective-C instances that do not derive from the set of types listed +// above, a wrapper object to provide a retaining handle to the Objective-C +// instance from JavaScript. For more information on these wrapper objects, see +// JSExport.h. When a JavaScript wrapper object is converted back to Objective-C +// the Objective-C instance being retained by the wrapper is returned. +// +// *** For Objective-C Class objects a constructor object containing exported +// class methods will be returned. See JSExport.h for more information on +// constructor objects. + +//NS_CLASS_AVAILABLE(10_9, NA) +@interface JSValue : NSObject + +// Create a JSValue by converting an Objective-C object. ++ (JSValue *)valueWithObject:(id)value inContext:(JSContext *)context; +// Create a JavaScript value from an Objective-C primitive type. ++ (JSValue *)valueWithBool:(BOOL)value inContext:(JSContext *)context; ++ (JSValue *)valueWithDouble:(double)value inContext:(JSContext *)context; ++ (JSValue *)valueWithInt32:(int32_t)value inContext:(JSContext *)context; ++ (JSValue *)valueWithUInt32:(uint32_t)value inContext:(JSContext *)context; +// Create a JavaScript value in this context. ++ (JSValue *)valueWithNewObjectInContext:(JSContext *)context; ++ (JSValue *)valueWithNewArrayInContext:(JSContext *)context; ++ (JSValue *)valueWithNewRegularExpressionFromPattern:(NSString *)pattern flags:(NSString *)flags inContext:(JSContext *)context; ++ (JSValue *)valueWithNewErrorFromMessage:(NSString *)message inContext:(JSContext *)context; ++ (JSValue *)valueWithNullInContext:(JSContext *)context; ++ (JSValue *)valueWithUndefinedInContext:(JSContext *)context; + +// Convert this value to a corresponding Objective-C object, according to the +// conversion specified above. +- (id)toObject; +// Convert this value to a corresponding Objective-C object, if the result is +// not of the specified class then nil will be returned. +- (id)toObjectOfClass:(Class)expectedClass; +// The value is copied to a boolean according to the conversion specified by the +// JavaScript language. +- (BOOL)toBool; +// The value is copied to a number according to the conversion specified by the +// JavaScript language. +- (double)toDouble; +// The value is copied to an integer according to the conversion specified by +// the JavaScript language. +- (int32_t)toInt32; +// The value is copied to an integer according to the conversion specified by +// the JavaScript language. +- (uint32_t)toUInt32; +// If the value is a boolean, a NSNumber value of @YES or @NO will be returned. +// For all other types the value will be copied to a number according to the +// conversion specified by the JavaScript language. +- (NSNumber *)toNumber; +// The value is copied to a string according to the conversion specified by the +// JavaScript language. +- (NSString *)toString; +// The value is converted to a number representing a time interval since 1970, +// and a new NSDate instance is returned. +- (NSDate *)toDate; +// If the value is null or undefined then nil is returned. +// If the value is not an object then a JavaScript TypeError will be thrown. +// The property "length" is read from the object, converted to an unsigned +// integer, and an NSArray of this size is allocated. Properties corresponding +// to indicies within the array bounds will be copied to the array, with +// Objective-C objects converted to equivalent JSValues as specified. +- (NSArray *)toArray; +// If the value is null or undefined then nil is returned. +// If the value is not an object then a JavaScript TypeError will be thrown. +// All enumerable properties of the object are copied to the dictionary, with +// Objective-C objects converted to equivalent JSValues as specified. +- (NSDictionary *)toDictionary; + +// Access a property from the value. This method will return the JavaScript value +// 'undefined' if the property does not exist. +- (JSValue *)valueForProperty:(NSString *)property; +// Set a property on the value. +- (void)setValue:(id)value forProperty:(NSString *)property; +// Delete a property from the value, returns YES if deletion is successful. +- (BOOL)deleteProperty:(NSString *)property; +// Returns YES if property is present on the value. +// This method has the same function as the JavaScript operator "in". +- (BOOL)hasProperty:(NSString *)property; +// This method may be used to create a data or accessor property on an object; +// this method operates in accordance with the Object.defineProperty method in +// the JavaScript language. +- (void)defineProperty:(NSString *)property descriptor:(id)descriptor; + +// Access an indexed property from the value. This method will return the +// JavaScript value 'undefined' if no property exists at that index. +- (JSValue *)valueAtIndex:(NSUInteger)index; +// Set an indexed property on the value. For JSValues that are JavaScript arrays, +// indices greater than UINT_MAX - 1 will not affect the length of the array. +- (void)setValue:(id)value atIndex:(NSUInteger)index; + +// All JavaScript values are precisely one of these types. +- (BOOL)isUndefined; +- (BOOL)isNull; +- (BOOL)isBoolean; +- (BOOL)isNumber; +- (BOOL)isString; +- (BOOL)isObject; + +// This method has the same function as the JavaScript operator "===". +- (BOOL)isEqualToObject:(id)value; +// This method has the same function as the JavaScript operator "==". +- (BOOL)isEqualWithTypeCoercionToObject:(id)value; +// This method has the same function as the JavaScript operator "instanceof". +- (BOOL)isInstanceOf:(id)value; + +// Call this value as a function passing the specified arguments. +- (JSValue *)callWithArguments:(NSArray *)arguments; +// Call this value as a constructor passing the specified arguments. +- (JSValue *)constructWithArguments:(NSArray *)arguments; +// Access the property named "method" from this value; call the value resulting +// from the property access as a function, passing this value as the "this" +// value, and the specified arguments. +- (JSValue *)invokeMethod:(NSString *)method withArguments:(NSArray *)arguments; + +// The JSContext that this value originates from. +@property(readonly, retain) JSContext *context; + +@end + +// Objective-C methods exported to JavaScript may have argument and/or return +// values of struct types, provided that conversion to and from the struct is +// supported by JSValue. Support is provided for any types where JSValue +// contains both a class method "valueWith:inContext:", and and instance +// method "to" - where the string "" in these selector names match, +// with the first argument to the former being of the same struct type as the +// return type of the latter. +// Support is provided for structs of type CGPoint, NSRange, CGRect and CGSize. +@interface JSValue(StructSupport) + +// This method returns a newly allocated JavaScript object containing properties +// named "x" and "y", with values from the CGPoint. ++ (JSValue *)valueWithPoint:(CGPoint)point inContext:(JSContext *)context; +// This method returns a newly allocated JavaScript object containing properties +// named "location" and "length", with values from the NSRange. ++ (JSValue *)valueWithRange:(NSRange)range inContext:(JSContext *)context; +// This method returns a newly allocated JavaScript object containing properties +// named "x", "y", "width", and "height", with values from the CGRect. ++ (JSValue *)valueWithRect:(CGRect)rect inContext:(JSContext *)context; +// This method returns a newly allocated JavaScript object containing properties +// named "width" and "height", with values from the CGSize. ++ (JSValue *)valueWithSize:(CGSize)size inContext:(JSContext *)context; + +// Convert a value to type CGPoint by reading properties named "x" and "y" from +// this value, and converting the results to double. +- (CGPoint)toPoint; +// Convert a value to type NSRange by accessing properties named "location" and +// "length" from this value converting the results to double. +- (NSRange)toRange; +// Convert a value to type CGRect by reading properties named "x", "y", "width", +// and "height" from this value, and converting the results to double. +- (CGRect)toRect; +// Convert a value to type CGSize by accessing properties named "width" and +// "height" from this value converting the results to double. +- (CGSize)toSize; + +@end + +// Instances of JSValue implement the following methods in order to enable +// support for subscript access by key and index, for example: +// +// JSValue *objectA, *objectB; +// JSValue *v1 = object[@"X"]; // Get value for property "X" from 'object'. +// JSValue *v2 = object[42]; // Get value for index 42 from 'object'. +// object[@"Y"] = v1; // Assign 'v1' to property "Y" of 'object'. +// object[101] = v2; // Assign 'v2' to index 101 of 'object'. +// +// An object key passed as a subscript will be converted to a JavaScript value, +// and then the value converted to a string used as a property name. +@interface JSValue(SubscriptSupport) + +- (JSValue *)objectForKeyedSubscript:(id)key; +- (JSValue *)objectAtIndexedSubscript:(NSUInteger)index; +- (void)setObject:(id)object forKeyedSubscript:(NSObject *)key; +- (void)setObject:(id)object atIndexedSubscript:(NSUInteger)index; + +@end + +// These functions are for bridging between the C API and the Objective-C API. +@interface JSValue(JSValueRefSupport) +// Creates a JSValue, wrapping its C API counterpart. ++ (JSValue *)valueWithJSValueRef:(JSValueRef)value inContext:(JSContext *)context; +// Returns the C API counterpart wrapped by a JSContext. +- (JSValueRef)JSValueRef; +@end + +#ifdef __cplusplus +extern "C" { +#endif + +// These keys may assist in creating a property descriptor for use with the +// defineProperty method on JSValue. +// Property descriptors must fit one of three descriptions: +// Data Descriptor: +// - A descriptor containing one or both of the keys "value" and "writable", +// and optionally containing one or both of the keys "enumerable" and +// "configurable". A data descriptor may not contain either the "get" or +// "set" key. +// A data descriptor may be used to create or modify the attributes of a +// data property on an object (replacing any existing accessor property). +// Accessor Descriptor: +// - A descriptor containing one or both of the keys "get" and "set", and +// optionally containing one or both of the keys "enumerable" and +// "configurable". An accessor descriptor may not contain either the "value" +// or "writable" key. +// An accessor descriptor may be used to create or modify the attributes of +// an accessor property on an object (replacing any existing data property). +// Generic Descriptor: +// - A descriptor containing one or both of the keys "enumerable" and +// "configurable". A generic descriptor may not contain any of the keys +// "value", " writable", "get", or "set". +// A generic descriptor may be used to modify the attributes of an existing +// data or accessor property, or to create a new data property. +JS_EXPORT extern NSString * const JSPropertyDescriptorWritableKey; +JS_EXPORT extern NSString * const JSPropertyDescriptorEnumerableKey; +JS_EXPORT extern NSString * const JSPropertyDescriptorConfigurableKey; +JS_EXPORT extern NSString * const JSPropertyDescriptorValueKey; +JS_EXPORT extern NSString * const JSPropertyDescriptorGetKey; +JS_EXPORT extern NSString * const JSPropertyDescriptorSetKey; + +#ifdef __cplusplus +} // extern "C" +#endif + +#endif + +#endif // JSValue_h diff --git a/JavaScriptCore/API/JSValue.mm b/JavaScriptCore/API/JSValue.mm new file mode 100755 index 00000000..bf6cdd50 --- /dev/null +++ b/JavaScriptCore/API/JSValue.mm @@ -0,0 +1,1126 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#import "APICast.h" +#import "APIShims.h" +#import "DateInstance.h" +#import "Error.h" +#import "JavaScriptCore.h" +#import "JSContextInternal.h" +#import "JSVirtualMachineInternal.h" +#import "JSValueInternal.h" +#import "JSWrapperMap.h" +#import "ObjcRuntimeExtras.h" +#import "Operations.h" +#import "JSCJSValue.h" +#import +#import +#import +#import +#import +#import +#import + +#if JSC_OBJC_API_ENABLED + +NSString * const JSPropertyDescriptorWritableKey = @"writable"; +NSString * const JSPropertyDescriptorEnumerableKey = @"enumerable"; +NSString * const JSPropertyDescriptorConfigurableKey = @"configurable"; +NSString * const JSPropertyDescriptorValueKey = @"value"; +NSString * const JSPropertyDescriptorGetKey = @"get"; +NSString * const JSPropertyDescriptorSetKey = @"set"; + +@implementation JSValue { + JSValueRef m_value; +} + +- (JSValueRef)JSValueRef +{ + return m_value; +} + ++ (JSValue *)valueWithObject:(id)value inContext:(JSContext *)context +{ + return [JSValue valueWithJSValueRef:objectToValue(context, value) inContext:context]; +} + ++ (JSValue *)valueWithBool:(BOOL)value inContext:(JSContext *)context +{ + return [JSValue valueWithJSValueRef:JSValueMakeBoolean([context JSGlobalContextRef], value) inContext:context]; +} + ++ (JSValue *)valueWithDouble:(double)value inContext:(JSContext *)context +{ + return [JSValue valueWithJSValueRef:JSValueMakeNumber([context JSGlobalContextRef], value) inContext:context]; +} + ++ (JSValue *)valueWithInt32:(int32_t)value inContext:(JSContext *)context +{ + return [JSValue valueWithJSValueRef:JSValueMakeNumber([context JSGlobalContextRef], value) inContext:context]; +} + ++ (JSValue *)valueWithUInt32:(uint32_t)value inContext:(JSContext *)context +{ + return [JSValue valueWithJSValueRef:JSValueMakeNumber([context JSGlobalContextRef], value) inContext:context]; +} + ++ (JSValue *)valueWithNewObjectInContext:(JSContext *)context +{ + return [JSValue valueWithJSValueRef:JSObjectMake([context JSGlobalContextRef], 0, 0) inContext:context]; +} + ++ (JSValue *)valueWithNewArrayInContext:(JSContext *)context +{ + return [JSValue valueWithJSValueRef:JSObjectMakeArray([context JSGlobalContextRef], 0, NULL, 0) inContext:context]; +} + ++ (JSValue *)valueWithNewRegularExpressionFromPattern:(NSString *)pattern flags:(NSString *)flags inContext:(JSContext *)context +{ + JSStringRef patternString = JSStringCreateWithCFString((CFStringRef)pattern); + JSStringRef flagsString = JSStringCreateWithCFString((CFStringRef)flags); + JSValueRef arguments[2] = { JSValueMakeString([context JSGlobalContextRef], patternString), JSValueMakeString([context JSGlobalContextRef], flagsString) }; + JSStringRelease(patternString); + JSStringRelease(flagsString); + + return [JSValue valueWithJSValueRef:JSObjectMakeRegExp([context JSGlobalContextRef], 2, arguments, 0) inContext:context]; +} + ++ (JSValue *)valueWithNewErrorFromMessage:(NSString *)message inContext:(JSContext *)context +{ + JSStringRef string = JSStringCreateWithCFString((CFStringRef)message); + JSValueRef argument = JSValueMakeString([context JSGlobalContextRef], string); + JSStringRelease(string); + + return [JSValue valueWithJSValueRef:JSObjectMakeError([context JSGlobalContextRef], 1, &argument, 0) inContext:context]; +} + ++ (JSValue *)valueWithNullInContext:(JSContext *)context +{ + return [JSValue valueWithJSValueRef:JSValueMakeNull([context JSGlobalContextRef]) inContext:context]; +} + ++ (JSValue *)valueWithUndefinedInContext:(JSContext *)context +{ + return [JSValue valueWithJSValueRef:JSValueMakeUndefined([context JSGlobalContextRef]) inContext:context]; +} + +- (id)toObject +{ + return valueToObject(_context, m_value); +} + +- (id)toObjectOfClass:(Class)expectedClass +{ + id result = [self toObject]; + return [result isKindOfClass:expectedClass] ? result : nil; +} + +- (BOOL)toBool +{ + return JSValueToBoolean([_context JSGlobalContextRef], m_value); +} + +- (double)toDouble +{ + JSValueRef exception = 0; + double result = JSValueToNumber([_context JSGlobalContextRef], m_value, &exception); + if (exception) { + [_context notifyException:exception]; + return std::numeric_limits::quiet_NaN(); + } + + return result; +} + +- (int32_t)toInt32 +{ + return JSC::toInt32([self toDouble]); +} + +- (uint32_t)toUInt32 +{ + return JSC::toUInt32([self toDouble]); +} + +- (NSNumber *)toNumber +{ + JSValueRef exception = 0; + id result = valueToNumber([_context JSGlobalContextRef], m_value, &exception); + if (exception) + [_context notifyException:exception]; + return result; +} + +- (NSString *)toString +{ + JSValueRef exception = 0; + id result = valueToString([_context JSGlobalContextRef], m_value, &exception); + if (exception) + [_context notifyException:exception]; + return result; +} + +- (NSDate *)toDate +{ + JSValueRef exception = 0; + id result = valueToDate([_context JSGlobalContextRef], m_value, &exception); + if (exception) + [_context notifyException:exception]; + return result; +} + +- (NSArray *)toArray +{ + JSValueRef exception = 0; + id result = valueToArray([_context JSGlobalContextRef], m_value, &exception); + if (exception) + [_context notifyException:exception]; + return result; +} + +- (NSDictionary *)toDictionary +{ + JSValueRef exception = 0; + id result = valueToDictionary([_context JSGlobalContextRef], m_value, &exception); + if (exception) + [_context notifyException:exception]; + return result; +} + +- (JSValue *)valueForProperty:(NSString *)propertyName +{ + JSValueRef exception = 0; + JSObjectRef object = JSValueToObject([_context JSGlobalContextRef], m_value, &exception); + if (exception) + return [_context valueFromNotifyException:exception]; + + JSStringRef name = JSStringCreateWithCFString((CFStringRef)propertyName); + JSValueRef result = JSObjectGetProperty([_context JSGlobalContextRef], object, name, &exception); + JSStringRelease(name); + if (exception) + return [_context valueFromNotifyException:exception]; + + return [JSValue valueWithJSValueRef:result inContext:_context]; +} + +- (void)setValue:(id)value forProperty:(NSString *)propertyName +{ + JSValueRef exception = 0; + JSObjectRef object = JSValueToObject([_context JSGlobalContextRef], m_value, &exception); + if (exception) { + [_context notifyException:exception]; + return; + } + + JSStringRef name = JSStringCreateWithCFString((CFStringRef)propertyName); + JSObjectSetProperty([_context JSGlobalContextRef], object, name, objectToValue(_context, value), 0, &exception); + JSStringRelease(name); + if (exception) { + [_context notifyException:exception]; + return; + } +} + +- (BOOL)deleteProperty:(NSString *)propertyName +{ + JSValueRef exception = 0; + JSObjectRef object = JSValueToObject([_context JSGlobalContextRef], m_value, &exception); + if (exception) + return [_context boolFromNotifyException:exception]; + + JSStringRef name = JSStringCreateWithCFString((CFStringRef)propertyName); + BOOL result = JSObjectDeleteProperty([_context JSGlobalContextRef], object, name, &exception); + JSStringRelease(name); + if (exception) + return [_context boolFromNotifyException:exception]; + + return result; +} + +- (BOOL)hasProperty:(NSString *)propertyName +{ + JSValueRef exception = 0; + JSObjectRef object = JSValueToObject([_context JSGlobalContextRef], m_value, &exception); + if (exception) + return [_context boolFromNotifyException:exception]; + + JSStringRef name = JSStringCreateWithCFString((CFStringRef)propertyName); + BOOL result = JSObjectHasProperty([_context JSGlobalContextRef], object, name); + JSStringRelease(name); + return result; +} + +- (void)defineProperty:(NSString *)property descriptor:(id)descriptor +{ + [[_context globalObject][@"Object"] invokeMethod:@"defineProperty" withArguments:@[ self, property, descriptor ]]; +} + +- (JSValue *)valueAtIndex:(NSUInteger)index +{ + // Properties that are higher than an unsigned value can hold are converted to a double then inserted as a normal property. + // Indices that are bigger than the max allowed index size (UINT_MAX - 1) will be handled internally in get(). + if (index != (unsigned)index) + return [self valueForProperty:[[JSValue valueWithDouble:index inContext:_context] toString]]; + + JSValueRef exception = 0; + JSObjectRef object = JSValueToObject([_context JSGlobalContextRef], m_value, &exception); + if (exception) + return [_context valueFromNotifyException:exception]; + + JSValueRef result = JSObjectGetPropertyAtIndex([_context JSGlobalContextRef], object, (unsigned)index, &exception); + if (exception) + return [_context valueFromNotifyException:exception]; + + return [JSValue valueWithJSValueRef:result inContext:_context]; +} + +- (void)setValue:(id)value atIndex:(NSUInteger)index +{ + // Properties that are higher than an unsigned value can hold are converted to a double, then inserted as a normal property. + // Indices that are bigger than the max allowed index size (UINT_MAX - 1) will be handled internally in putByIndex(). + if (index != (unsigned)index) + return [self setValue:value forProperty:[[JSValue valueWithDouble:index inContext:_context] toString]]; + + JSValueRef exception = 0; + JSObjectRef object = JSValueToObject([_context JSGlobalContextRef], m_value, &exception); + if (exception) { + [_context notifyException:exception]; + return; + } + + JSObjectSetPropertyAtIndex([_context JSGlobalContextRef], object, (unsigned)index, objectToValue(_context, value), &exception); + if (exception) { + [_context notifyException:exception]; + return; + } +} + +- (BOOL)isUndefined +{ + return JSValueIsUndefined([_context JSGlobalContextRef], m_value); +} + +- (BOOL)isNull +{ + return JSValueIsNull([_context JSGlobalContextRef], m_value); +} + +- (BOOL)isBoolean +{ + return JSValueIsBoolean([_context JSGlobalContextRef], m_value); +} + +- (BOOL)isNumber +{ + return JSValueIsNumber([_context JSGlobalContextRef], m_value); +} + +- (BOOL)isString +{ + return JSValueIsString([_context JSGlobalContextRef], m_value); +} + +- (BOOL)isObject +{ + return JSValueIsObject([_context JSGlobalContextRef], m_value); +} + +- (BOOL)isEqualToObject:(id)value +{ + return JSValueIsStrictEqual([_context JSGlobalContextRef], m_value, objectToValue(_context, value)); +} + +- (BOOL)isEqualWithTypeCoercionToObject:(id)value +{ + JSValueRef exception = 0; + BOOL result = JSValueIsEqual([_context JSGlobalContextRef], m_value, objectToValue(_context, value), &exception); + if (exception) + return [_context boolFromNotifyException:exception]; + + return result; +} + +- (BOOL)isInstanceOf:(id)value +{ + JSValueRef exception = 0; + JSObjectRef constructor = JSValueToObject([_context JSGlobalContextRef], objectToValue(_context, value), &exception); + if (exception) + return [_context boolFromNotifyException:exception]; + + BOOL result = JSValueIsInstanceOfConstructor([_context JSGlobalContextRef], m_value, constructor, &exception); + if (exception) + return [_context boolFromNotifyException:exception]; + + return result; +} + +- (JSValue *)callWithArguments:(NSArray *)argumentArray +{ + NSUInteger argumentCount = [argumentArray count]; + JSValueRef arguments[argumentCount]; + for (unsigned i = 0; i < argumentCount; ++i) + arguments[i] = objectToValue(_context, [argumentArray objectAtIndex:i]); + + JSValueRef exception = 0; + JSObjectRef object = JSValueToObject([_context JSGlobalContextRef], m_value, &exception); + if (exception) + return [_context valueFromNotifyException:exception]; + + JSValueRef result = JSObjectCallAsFunction([_context JSGlobalContextRef], object, 0, argumentCount, arguments, &exception); + if (exception) + return [_context valueFromNotifyException:exception]; + + return [JSValue valueWithJSValueRef:result inContext:_context]; +} + +- (JSValue *)constructWithArguments:(NSArray *)argumentArray +{ + NSUInteger argumentCount = [argumentArray count]; + JSValueRef arguments[argumentCount]; + for (unsigned i = 0; i < argumentCount; ++i) + arguments[i] = objectToValue(_context, [argumentArray objectAtIndex:i]); + + JSValueRef exception = 0; + JSObjectRef object = JSValueToObject([_context JSGlobalContextRef], m_value, &exception); + if (exception) + return [_context valueFromNotifyException:exception]; + + JSObjectRef result = JSObjectCallAsConstructor([_context JSGlobalContextRef], object, argumentCount, arguments, &exception); + if (exception) + return [_context valueFromNotifyException:exception]; + + return [JSValue valueWithJSValueRef:result inContext:_context]; +} + +- (JSValue *)invokeMethod:(NSString *)method withArguments:(NSArray *)arguments +{ + NSUInteger argumentCount = [arguments count]; + JSValueRef argumentArray[argumentCount]; + for (unsigned i = 0; i < argumentCount; ++i) + argumentArray[i] = objectToValue(_context, [arguments objectAtIndex:i]); + + JSValueRef exception = 0; + JSObjectRef thisObject = JSValueToObject([_context JSGlobalContextRef], m_value, &exception); + if (exception) + return [_context valueFromNotifyException:exception]; + + JSStringRef name = JSStringCreateWithCFString((CFStringRef)method); + JSValueRef function = JSObjectGetProperty([_context JSGlobalContextRef], thisObject, name, &exception); + JSStringRelease(name); + if (exception) + return [_context valueFromNotifyException:exception]; + + JSObjectRef object = JSValueToObject([_context JSGlobalContextRef], function, &exception); + if (exception) + return [_context valueFromNotifyException:exception]; + + JSValueRef result = JSObjectCallAsFunction([_context JSGlobalContextRef], object, thisObject, argumentCount, argumentArray, &exception); + if (exception) + return [_context valueFromNotifyException:exception]; + + return [JSValue valueWithJSValueRef:result inContext:_context]; +} + +@end + +@implementation JSValue(StructSupport) + +- (CGPoint)toPoint +{ + return CGPointMake([self[@"x"] toDouble], [self[@"y"] toDouble]); +} + +- (NSRange)toRange +{ + return (NSRange){ + [[self[@"location"] toNumber] unsignedIntegerValue], + [[self[@"length"] toNumber] unsignedIntegerValue] + }; +} + +- (CGRect)toRect +{ + return (CGRect){ + [self toPoint], + [self toSize] + }; +} + +- (CGSize)toSize +{ + return CGSizeMake([self[@"width"] toDouble], [self[@"height"] toDouble]); +} + ++ (JSValue *)valueWithPoint:(CGPoint)point inContext:(JSContext *)context +{ + return [JSValue valueWithObject:@{ + @"x":@(point.x), + @"y":@(point.y) + } inContext:context]; +} + ++ (JSValue *)valueWithRange:(NSRange)range inContext:(JSContext *)context +{ + return [JSValue valueWithObject:@{ + @"location":@(range.location), + @"length":@(range.length) + } inContext:context]; +} + ++ (JSValue *)valueWithRect:(CGRect)rect inContext:(JSContext *)context +{ + return [JSValue valueWithObject:@{ + @"x":@(rect.origin.x), + @"y":@(rect.origin.y), + @"width":@(rect.size.width), + @"height":@(rect.size.height) + } inContext:context]; +} + ++ (JSValue *)valueWithSize:(CGSize)size inContext:(JSContext *)context +{ + return [JSValue valueWithObject:@{ + @"width":@(size.width), + @"height":@(size.height) + } inContext:context]; +} + +@end + +@implementation JSValue(SubscriptSupport) + +- (JSValue *)objectForKeyedSubscript:(id)key +{ + if (![key isKindOfClass:[NSString class]]) { + key = [[JSValue valueWithObject:key inContext:_context] toString]; + if (!key) + return [JSValue valueWithUndefinedInContext:_context]; + } + + return [self valueForProperty:(NSString *)key]; +} + +- (JSValue *)objectAtIndexedSubscript:(NSUInteger)index +{ + return [self valueAtIndex:index]; +} + +- (void)setObject:(id)object forKeyedSubscript:(NSObject *)key +{ + if (![key isKindOfClass:[NSString class]]) { + key = [[JSValue valueWithObject:key inContext:_context] toString]; + if (!key) + return; + } + + [self setValue:object forProperty:(NSString *)key]; +} + +- (void)setObject:(id)object atIndexedSubscript:(NSUInteger)index +{ + [self setValue:object atIndex:index]; +} + +@end + +inline bool isDate(JSObjectRef object, JSGlobalContextRef context) +{ + JSC::APIEntryShim entryShim(toJS(context)); + return toJS(object)->inherits(JSC::DateInstance::info()); +} + +inline bool isArray(JSObjectRef object, JSGlobalContextRef context) +{ + JSC::APIEntryShim entryShim(toJS(context)); + return toJS(object)->inherits(JSC::JSArray::info()); +} + +@implementation JSValue(Internal) + +enum ConversionType { + ContainerNone, + ContainerArray, + ContainerDictionary +}; + +class JSContainerConvertor { +public: + struct Task { + JSValueRef js; + id objc; + ConversionType type; + }; + + JSContainerConvertor(JSGlobalContextRef context) + : m_context(context) + { + } + + id convert(JSValueRef property); + void add(Task); + Task take(); + bool isWorkListEmpty() const { return !m_worklist.size(); } + +private: + JSGlobalContextRef m_context; + HashMap m_objectMap; + Vector m_worklist; +}; + +inline id JSContainerConvertor::convert(JSValueRef value) +{ + HashMap::iterator iter = m_objectMap.find(value); + if (iter != m_objectMap.end()) + return iter->value; + + Task result = valueToObjectWithoutCopy(m_context, value); + if (result.js) + add(result); + return result.objc; +} + +void JSContainerConvertor::add(Task task) +{ + m_objectMap.add(task.js, task.objc); + if (task.type != ContainerNone) + m_worklist.append(task); +} + +JSContainerConvertor::Task JSContainerConvertor::take() +{ + ASSERT(!isWorkListEmpty()); + Task last = m_worklist.last(); + m_worklist.removeLast(); + return last; +} + +static JSContainerConvertor::Task valueToObjectWithoutCopy(JSGlobalContextRef context, JSValueRef value) +{ + if (!JSValueIsObject(context, value)) { + id primitive; + if (JSValueIsBoolean(context, value)) + primitive = JSValueToBoolean(context, value) ? @YES : @NO; + else if (JSValueIsNumber(context, value)) { + // Normalize the number, so it will unique correctly in the hash map - + // it's nicer not to leak this internal implementation detail! + value = JSValueMakeNumber(context, JSValueToNumber(context, value, 0)); + primitive = [NSNumber numberWithDouble:JSValueToNumber(context, value, 0)]; + } else if (JSValueIsString(context, value)) { + // Would be nice to unique strings, too. + JSStringRef jsstring = JSValueToStringCopy(context, value, 0); + NSString * stringNS = (NSString *)JSStringCopyCFString(kCFAllocatorDefault, jsstring); + JSStringRelease(jsstring); + primitive = [stringNS autorelease]; + } else if (JSValueIsNull(context, value)) + primitive = [NSNull null]; + else { + ASSERT(JSValueIsUndefined(context, value)); + primitive = nil; + } + return (JSContainerConvertor::Task){ value, primitive, ContainerNone }; + } + + JSObjectRef object = JSValueToObject(context, value, 0); + + if (id wrapped = tryUnwrapObjcObject(context, object)) + return (JSContainerConvertor::Task){ object, wrapped, ContainerNone }; + + if (isDate(object, context)) + return (JSContainerConvertor::Task){ object, [NSDate dateWithTimeIntervalSince1970:JSValueToNumber(context, object, 0)], ContainerNone }; + + if (isArray(object, context)) + return (JSContainerConvertor::Task){ object, [NSMutableArray array], ContainerArray }; + + return (JSContainerConvertor::Task){ object, [NSMutableDictionary dictionary], ContainerDictionary }; +} + +static id containerValueToObject(JSGlobalContextRef context, JSContainerConvertor::Task task) +{ + ASSERT(task.type != ContainerNone); + JSContainerConvertor convertor(context); + convertor.add(task); + ASSERT(!convertor.isWorkListEmpty()); + + do { + JSContainerConvertor::Task current = convertor.take(); + ASSERT(JSValueIsObject(context, current.js)); + JSObjectRef js = JSValueToObject(context, current.js, 0); + + if (current.type == ContainerArray) { + ASSERT([current.objc isKindOfClass:[NSMutableArray class]]); + NSMutableArray *array = (NSMutableArray *)current.objc; + + JSStringRef lengthString = JSStringCreateWithUTF8CString("length"); + unsigned length = JSC::toUInt32(JSValueToNumber(context, JSObjectGetProperty(context, js, lengthString, 0), 0)); + JSStringRelease(lengthString); + + for (unsigned i = 0; i < length; ++i) { + id objc = convertor.convert(JSObjectGetPropertyAtIndex(context, js, i, 0)); + [array addObject:objc ? objc : [NSNull null]]; + } + } else { + ASSERT([current.objc isKindOfClass:[NSMutableDictionary class]]); + NSMutableDictionary *dictionary = (NSMutableDictionary *)current.objc; + + JSPropertyNameArrayRef propertyNameArray = JSObjectCopyPropertyNames(context, js); + size_t length = JSPropertyNameArrayGetCount(propertyNameArray); + + for (size_t i = 0; i < length; ++i) { + JSStringRef propertyName = JSPropertyNameArrayGetNameAtIndex(propertyNameArray, i); + if (id objc = convertor.convert(JSObjectGetProperty(context, js, propertyName, 0))) + dictionary[[(NSString *)JSStringCopyCFString(kCFAllocatorDefault, propertyName) autorelease]] = objc; + } + + JSPropertyNameArrayRelease(propertyNameArray); + } + + } while (!convertor.isWorkListEmpty()); + + return task.objc; +} + +id valueToObject(JSContext *context, JSValueRef value) +{ + JSContainerConvertor::Task result = valueToObjectWithoutCopy([context JSGlobalContextRef], value); + if (result.type == ContainerNone) + return result.objc; + return containerValueToObject([context JSGlobalContextRef], result); +} + +id valueToNumber(JSGlobalContextRef context, JSValueRef value, JSValueRef* exception) +{ + ASSERT(!*exception); + if (id wrapped = tryUnwrapObjcObject(context, value)) { + if ([wrapped isKindOfClass:[NSNumber class]]) + return wrapped; + } + + if (JSValueIsBoolean(context, value)) + return JSValueToBoolean(context, value) ? @YES : @NO; + + double result = JSValueToNumber(context, value, exception); + return [NSNumber numberWithDouble:*exception ? std::numeric_limits::quiet_NaN() : result]; +} + +id valueToString(JSGlobalContextRef context, JSValueRef value, JSValueRef* exception) +{ + ASSERT(!*exception); + if (id wrapped = tryUnwrapObjcObject(context, value)) { + if ([wrapped isKindOfClass:[NSString class]]) + return wrapped; + } + + JSStringRef jsstring = JSValueToStringCopy(context, value, exception); + if (*exception) { + ASSERT(!jsstring); + return nil; + } + + NSString *stringNS = HardAutorelease(JSStringCopyCFString(kCFAllocatorDefault, jsstring)); + JSStringRelease(jsstring); + return stringNS; +} + +id valueToDate(JSGlobalContextRef context, JSValueRef value, JSValueRef* exception) +{ + ASSERT(!*exception); + if (id wrapped = tryUnwrapObjcObject(context, value)) { + if ([wrapped isKindOfClass:[NSDate class]]) + return wrapped; + } + + double result = JSValueToNumber(context, value, exception); + return *exception ? nil : [NSDate dateWithTimeIntervalSince1970:result]; +} + +id valueToArray(JSGlobalContextRef context, JSValueRef value, JSValueRef* exception) +{ + ASSERT(!*exception); + if (id wrapped = tryUnwrapObjcObject(context, value)) { + if ([wrapped isKindOfClass:[NSArray class]]) + return wrapped; + } + + if (JSValueIsObject(context, value)) + return containerValueToObject(context, (JSContainerConvertor::Task){ value, [NSMutableArray array], ContainerArray}); + + if (!(JSValueIsNull(context, value) || JSValueIsUndefined(context, value))) + *exception = toRef(JSC::createTypeError(toJS(context), "Cannot convert primitive to NSArray")); + return nil; +} + +id valueToDictionary(JSGlobalContextRef context, JSValueRef value, JSValueRef* exception) +{ + ASSERT(!*exception); + if (id wrapped = tryUnwrapObjcObject(context, value)) { + if ([wrapped isKindOfClass:[NSDictionary class]]) + return wrapped; + } + + if (JSValueIsObject(context, value)) + return containerValueToObject(context, (JSContainerConvertor::Task){ value, [NSMutableDictionary dictionary], ContainerDictionary}); + + if (!(JSValueIsNull(context, value) || JSValueIsUndefined(context, value))) + *exception = toRef(JSC::createTypeError(toJS(context), "Cannot convert primitive to NSDictionary")); + return nil; +} + +class ObjcContainerConvertor { +public: + struct Task { + id objc; + JSValueRef js; + ConversionType type; + }; + + ObjcContainerConvertor(JSContext *context) + : m_context(context) + { + } + + JSValueRef convert(id object); + void add(Task); + Task take(); + bool isWorkListEmpty() const { return !m_worklist.size(); } + +private: + JSContext *m_context; + HashMap m_objectMap; + Vector m_worklist; +}; + +JSValueRef ObjcContainerConvertor::convert(id object) +{ + ASSERT(object); + + auto it = m_objectMap.find(object); + if (it != m_objectMap.end()) + return it->value; + + ObjcContainerConvertor::Task task = objectToValueWithoutCopy(m_context, object); + add(task); + return task.js; +} + +void ObjcContainerConvertor::add(ObjcContainerConvertor::Task task) +{ + m_objectMap.add(task.objc, task.js); + if (task.type != ContainerNone) + m_worklist.append(task); +} + +ObjcContainerConvertor::Task ObjcContainerConvertor::take() +{ + ASSERT(!isWorkListEmpty()); + Task last = m_worklist.last(); + m_worklist.removeLast(); + return last; +} + +inline bool isNSBoolean(id object) +{ + ASSERT([@YES class] == [@NO class]); + ASSERT([@YES class] != [NSNumber class]); + ASSERT([[@YES class] isSubclassOfClass:[NSNumber class]]); + return [object isKindOfClass:[@YES class]]; +} + +static ObjcContainerConvertor::Task objectToValueWithoutCopy(JSContext *context, id object) +{ + JSGlobalContextRef contextRef = [context JSGlobalContextRef]; + + if (!object) + return (ObjcContainerConvertor::Task){ object, JSValueMakeUndefined(contextRef), ContainerNone }; + + if (!class_conformsToProtocol(object_getClass(object), getJSExportProtocol())) { + if ([object isKindOfClass:[NSArray class]]) + return (ObjcContainerConvertor::Task){ object, JSObjectMakeArray(contextRef, 0, NULL, 0), ContainerArray }; + + if ([object isKindOfClass:[NSDictionary class]]) + return (ObjcContainerConvertor::Task){ object, JSObjectMake(contextRef, 0, 0), ContainerDictionary }; + + if ([object isKindOfClass:[NSNull class]]) + return (ObjcContainerConvertor::Task){ object, JSValueMakeNull(contextRef), ContainerNone }; + + if ([object isKindOfClass:[JSValue class]]) + return (ObjcContainerConvertor::Task){ object, ((JSValue *)object)->m_value, ContainerNone }; + + if ([object isKindOfClass:[NSString class]]) { + JSStringRef string = JSStringCreateWithCFString((CFStringRef)object); + JSValueRef js = JSValueMakeString(contextRef, string); + JSStringRelease(string); + return (ObjcContainerConvertor::Task){ object, js, ContainerNone }; + } + + if ([object isKindOfClass:[NSNumber class]]) { + if (isNSBoolean(object)) + return (ObjcContainerConvertor::Task){ object, JSValueMakeBoolean(contextRef, [object boolValue]), ContainerNone }; + return (ObjcContainerConvertor::Task){ object, JSValueMakeNumber(contextRef, [object doubleValue]), ContainerNone }; + } + + if ([object isKindOfClass:[NSDate class]]) { + JSValueRef argument = JSValueMakeNumber(contextRef, [object timeIntervalSince1970]); + JSObjectRef result = JSObjectMakeDate(contextRef, 1, &argument, 0); + return (ObjcContainerConvertor::Task){ object, result, ContainerNone }; + } + + if ([object isKindOfClass:[JSManagedValue class]]) { + JSValue *value = [static_cast(object) value]; + if (!value) + return (ObjcContainerConvertor::Task) { object, JSValueMakeUndefined(contextRef), ContainerNone }; + return (ObjcContainerConvertor::Task){ object, value->m_value, ContainerNone }; + } + } + + return (ObjcContainerConvertor::Task){ object, valueInternalValue([context wrapperForObjCObject:object]), ContainerNone }; +} + +JSValueRef objectToValue(JSContext *context, id object) +{ + JSGlobalContextRef contextRef = [context JSGlobalContextRef]; + + ObjcContainerConvertor::Task task = objectToValueWithoutCopy(context, object); + if (task.type == ContainerNone) + return task.js; + + ObjcContainerConvertor convertor(context); + convertor.add(task); + ASSERT(!convertor.isWorkListEmpty()); + + do { + ObjcContainerConvertor::Task current = convertor.take(); + ASSERT(JSValueIsObject(contextRef, current.js)); + JSObjectRef js = JSValueToObject(contextRef, current.js, 0); + + if (current.type == ContainerArray) { + ASSERT([current.objc isKindOfClass:[NSArray class]]); + NSArray *array = (NSArray *)current.objc; + NSUInteger count = [array count]; + for (NSUInteger index = 0; index < count; ++index) + JSObjectSetPropertyAtIndex(contextRef, js, index, convertor.convert([array objectAtIndex:index]), 0); + } else { + ASSERT(current.type == ContainerDictionary); + ASSERT([current.objc isKindOfClass:[NSDictionary class]]); + NSDictionary *dictionary = (NSDictionary *)current.objc; + for (id key in [dictionary keyEnumerator]) { + if ([key isKindOfClass:[NSString class]]) { + JSStringRef propertyName = JSStringCreateWithCFString((CFStringRef)key); + JSObjectSetProperty(contextRef, js, propertyName, convertor.convert([dictionary objectForKey:key]), 0, 0); + JSStringRelease(propertyName); + } + } + } + + } while (!convertor.isWorkListEmpty()); + + return task.js; +} + +JSValueRef valueInternalValue(JSValue * value) +{ + return value->m_value; +} + ++ (JSValue *)valueWithJSValueRef:(JSValueRef)value inContext:(JSContext *)context +{ + return [context wrapperForJSObject:value]; +} + +- (JSValue *)init +{ + return nil; +} + +- (JSValue *)initWithValue:(JSValueRef)value inContext:(JSContext *)context +{ + if (!value || !context) + return nil; + + self = [super init]; + if (!self) + return nil; + + _context = [context retain]; + m_value = value; + JSValueProtect([_context JSGlobalContextRef], m_value); + return self; +} + +struct StructTagHandler { + SEL typeToValueSEL; + SEL valueToTypeSEL; +}; +typedef HashMap StructHandlers; + +static StructHandlers* createStructHandlerMap() +{ + StructHandlers* structHandlers = new StructHandlers(); + + size_t valueWithXinContextLength = strlen("valueWithX:inContext:"); + size_t toXLength = strlen("toX"); + + // Step 1: find all valueWith:inContext: class methods in JSValue. + forEachMethodInClass(object_getClass([JSValue class]), ^(Method method){ + SEL selector = method_getName(method); + const char* name = sel_getName(selector); + size_t nameLength = strlen(name); + // Check for valueWith:context: + if (nameLength < valueWithXinContextLength || memcmp(name, "valueWith", 9) || memcmp(name + nameLength - 11, ":inContext:", 11)) + return; + // Check for [ id, SEL, , ] + if (method_getNumberOfArguments(method) != 4) + return; + char idType[3]; + // Check 2nd argument type is "@" + char* secondType = method_copyArgumentType(method, 3); + if (strcmp(secondType, "@") != 0) { + free(secondType); + return; + } + free(secondType); + // Check result type is also "@" + method_getReturnType(method, idType, 3); + if (strcmp(idType, "@") != 0) + return; + char* type = method_copyArgumentType(method, 2); + structHandlers->add(StringImpl::create(type), (StructTagHandler){ selector, 0 }); + free(type); + }); + + // Step 2: find all to instance methods in JSValue. + forEachMethodInClass([JSValue class], ^(Method method){ + SEL selector = method_getName(method); + const char* name = sel_getName(selector); + size_t nameLength = strlen(name); + // Check for to + if (nameLength < toXLength || memcmp(name, "to", 2)) + return; + // Check for [ id, SEL ] + if (method_getNumberOfArguments(method) != 2) + return; + // Try to find a matching valueWith:context: method. + char* type = method_copyReturnType(method); + + StructHandlers::iterator iter = structHandlers->find(type); + free(type); + if (iter == structHandlers->end()) + return; + StructTagHandler& handler = iter->value; + + // check that strlen() == strlen() + const char* valueWithName = sel_getName(handler.typeToValueSEL); + size_t valueWithLength = strlen(valueWithName); + if (valueWithLength - valueWithXinContextLength != nameLength - toXLength) + return; + // Check that == + if (memcmp(valueWithName + 9, name + 2, nameLength - toXLength - 1)) + return; + handler.valueToTypeSEL = selector; + }); + + // Step 3: clean up - remove entries where we found prospective valueWith:inContext: conversions, but no matching to methods. + typedef HashSet RemoveSet; + RemoveSet removeSet; + for (StructHandlers::iterator iter = structHandlers->begin(); iter != structHandlers->end(); ++iter) { + StructTagHandler& handler = iter->value; + if (!handler.valueToTypeSEL) + removeSet.add(iter->key); + } + + for (RemoveSet::iterator iter = removeSet.begin(); iter != removeSet.end(); ++iter) + structHandlers->remove(*iter); + + return structHandlers; +} + +static StructTagHandler* handerForStructTag(const char* encodedType) +{ + static SpinLock handerForStructTagLock = SPINLOCK_INITIALIZER; + SpinLockHolder lockHolder(&handerForStructTagLock); + + static StructHandlers* structHandlers = createStructHandlerMap(); + + StructHandlers::iterator iter = structHandlers->find(encodedType); + if (iter == structHandlers->end()) + return 0; + return &iter->value; +} + ++ (SEL)selectorForStructToValue:(const char *)structTag +{ + StructTagHandler* handler = handerForStructTag(structTag); + return handler ? handler->typeToValueSEL : nil; +} + ++ (SEL)selectorForValueToStruct:(const char *)structTag +{ + StructTagHandler* handler = handerForStructTag(structTag); + return handler ? handler->valueToTypeSEL : nil; +} + +- (void)dealloc +{ + JSValueUnprotect([_context JSGlobalContextRef], m_value); + [_context release]; + _context = nil; + [super dealloc]; +} + +- (NSString *)description +{ + if (id wrapped = tryUnwrapObjcObject([_context JSGlobalContextRef], m_value)) + return [wrapped description]; + return [self toString]; +} + +NSInvocation *typeToValueInvocationFor(const char* encodedType) +{ + SEL selector = [JSValue selectorForStructToValue:encodedType]; + if (!selector) + return 0; + + const char* methodTypes = method_getTypeEncoding(class_getClassMethod([JSValue class], selector)); + NSInvocation *invocation = [NSInvocation invocationWithMethodSignature:[NSMethodSignature signatureWithObjCTypes:methodTypes]]; + [invocation setSelector:selector]; + return invocation; +} + +NSInvocation *valueToTypeInvocationFor(const char* encodedType) +{ + SEL selector = [JSValue selectorForValueToStruct:encodedType]; + if (!selector) + return 0; + + const char* methodTypes = method_getTypeEncoding(class_getInstanceMethod([JSValue class], selector)); + NSInvocation *invocation = [NSInvocation invocationWithMethodSignature:[NSMethodSignature signatureWithObjCTypes:methodTypes]]; + [invocation setSelector:selector]; + return invocation; +} + +@end + +#endif diff --git a/JavaScriptCore/API/JSValueInternal.h b/JavaScriptCore/API/JSValueInternal.h new file mode 100755 index 00000000..1ef6f048 --- /dev/null +++ b/JavaScriptCore/API/JSValueInternal.h @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSValueInternal_h +#define JSValueInternal_h + +#import +#import "JSValue.h" + +#if JSC_OBJC_API_ENABLED + +@interface JSValue(Internal) + +JSValueRef valueInternalValue(JSValue *); + +- (JSValue *)initWithValue:(JSValueRef)value inContext:(JSContext *)context; + +JSValueRef objectToValue(JSContext *, id); +id valueToObject(JSContext *, JSValueRef); +id valueToNumber(JSGlobalContextRef, JSValueRef, JSValueRef* exception); +id valueToString(JSGlobalContextRef, JSValueRef, JSValueRef* exception); +id valueToDate(JSGlobalContextRef, JSValueRef, JSValueRef* exception); +id valueToArray(JSGlobalContextRef, JSValueRef, JSValueRef* exception); +id valueToDictionary(JSGlobalContextRef, JSValueRef, JSValueRef* exception); + ++ (SEL)selectorForStructToValue:(const char *)structTag; ++ (SEL)selectorForValueToStruct:(const char *)structTag; + +@end + +NSInvocation *typeToValueInvocationFor(const char* encodedType); +NSInvocation *valueToTypeInvocationFor(const char* encodedType); + +#endif + +#endif // JSValueInternal_h diff --git a/JavaScriptCore/API/JSValueRef.cpp b/JavaScriptCore/API/JSValueRef.cpp old mode 100644 new mode 100755 index 9b7268a2..8601ea8a --- a/JavaScriptCore/API/JSValueRef.cpp +++ b/JavaScriptCore/API/JSValueRef.cpp @@ -28,26 +28,46 @@ #include "APICast.h" #include "APIShims.h" +#include "JSAPIWrapperObject.h" #include "JSCallbackObject.h" +#include #include #include #include #include #include #include -#include -#include #include #include +#include #include // for std::min +#if PLATFORM(MAC) +#include +#endif + using namespace JSC; +#if PLATFORM(MAC) +static bool evernoteHackNeeded() +{ + static const int32_t webkitLastVersionWithEvernoteHack = 35133959; + static bool hackNeeded = CFEqual(CFBundleGetIdentifier(CFBundleGetMainBundle()), CFSTR("com.evernote.Evernote")) + && NSVersionOfLinkTimeLibrary("JavaScriptCore") <= webkitLastVersionWithEvernoteHack; + + return hackNeeded; +} +#endif + ::JSType JSValueGetType(JSContextRef ctx, JSValueRef value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return kJSTypeUndefined; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -69,6 +89,10 @@ ::JSType JSValueGetType(JSContextRef ctx, JSValueRef value) bool JSValueIsUndefined(JSContextRef ctx, JSValueRef value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -78,6 +102,10 @@ bool JSValueIsUndefined(JSContextRef ctx, JSValueRef value) bool JSValueIsNull(JSContextRef ctx, JSValueRef value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -87,6 +115,10 @@ bool JSValueIsNull(JSContextRef ctx, JSValueRef value) bool JSValueIsBoolean(JSContextRef ctx, JSValueRef value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -96,6 +128,10 @@ bool JSValueIsBoolean(JSContextRef ctx, JSValueRef value) bool JSValueIsNumber(JSContextRef ctx, JSValueRef value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -105,6 +141,10 @@ bool JSValueIsNumber(JSContextRef ctx, JSValueRef value) bool JSValueIsString(JSContextRef ctx, JSValueRef value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -114,6 +154,10 @@ bool JSValueIsString(JSContextRef ctx, JSValueRef value) bool JSValueIsObject(JSContextRef ctx, JSValueRef value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -123,22 +167,34 @@ bool JSValueIsObject(JSContextRef ctx, JSValueRef value) bool JSValueIsObjectOfClass(JSContextRef ctx, JSValueRef value, JSClassRef jsClass) { + if (!ctx || !jsClass) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); JSValue jsValue = toJS(exec, value); if (JSObject* o = jsValue.getObject()) { - if (o->inherits(&JSCallbackObject::s_info)) + if (o->inherits(JSCallbackObject::info())) return jsCast*>(o)->inherits(jsClass); - if (o->inherits(&JSCallbackObject::s_info)) - return jsCast*>(o)->inherits(jsClass); + if (o->inherits(JSCallbackObject::info())) + return jsCast*>(o)->inherits(jsClass); +#if JSC_OBJC_API_ENABLED + if (o->inherits(JSCallbackObject::info())) + return jsCast*>(o)->inherits(jsClass); +#endif } return false; } bool JSValueIsEqual(JSContextRef ctx, JSValueRef a, JSValueRef b, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -156,6 +212,10 @@ bool JSValueIsEqual(JSContextRef ctx, JSValueRef a, JSValueRef b, JSValueRef* ex bool JSValueIsStrictEqual(JSContextRef ctx, JSValueRef a, JSValueRef b) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -167,6 +227,10 @@ bool JSValueIsStrictEqual(JSContextRef ctx, JSValueRef a, JSValueRef b) bool JSValueIsInstanceOfConstructor(JSContextRef ctx, JSValueRef value, JSObjectRef constructor, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -175,7 +239,7 @@ bool JSValueIsInstanceOfConstructor(JSContextRef ctx, JSValueRef value, JSObject JSObject* jsConstructor = toJS(constructor); if (!jsConstructor->structure()->typeInfo().implementsHasInstance()) return false; - bool result = jsConstructor->methodTable()->hasInstance(jsConstructor, exec, jsValue, jsConstructor->get(exec, exec->propertyNames().prototype)); // false if an exception is thrown + bool result = jsConstructor->hasInstance(exec, jsValue); // false if an exception is thrown if (exec->hadException()) { if (exception) *exception = toRef(exec, exec->exception()); @@ -186,6 +250,10 @@ bool JSValueIsInstanceOfConstructor(JSContextRef ctx, JSValueRef value, JSObject JSValueRef JSValueMakeUndefined(JSContextRef ctx) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -194,6 +262,10 @@ JSValueRef JSValueMakeUndefined(JSContextRef ctx) JSValueRef JSValueMakeNull(JSContextRef ctx) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -202,6 +274,10 @@ JSValueRef JSValueMakeNull(JSContextRef ctx) JSValueRef JSValueMakeBoolean(JSContextRef ctx, bool value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -210,45 +286,62 @@ JSValueRef JSValueMakeBoolean(JSContextRef ctx, bool value) JSValueRef JSValueMakeNumber(JSContextRef ctx, double value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); // Our JSValue representation relies on a standard bit pattern for NaN. NaNs // generated internally to JavaScriptCore naturally have that representation, // but an external NaN might not. - if (isnan(value)) - value = std::numeric_limits::quiet_NaN(); + if (std::isnan(value)) + value = QNaN; return toRef(exec, jsNumber(value)); } JSValueRef JSValueMakeString(JSContextRef ctx, JSStringRef string) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - return toRef(exec, jsString(exec, string->ustring())); + return toRef(exec, jsString(exec, string->string())); } JSValueRef JSValueMakeFromJSONString(JSContextRef ctx, JSStringRef string) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - UString str = string->ustring(); - if (str.is8Bit()) { - LiteralParser parser(exec, str.characters8(), str.length(), StrictJSON); + String str = string->string(); + unsigned length = str.length(); + if (length && str.is8Bit()) { + LiteralParser parser(exec, str.characters8(), length, StrictJSON); return toRef(exec, parser.tryLiteralParse()); } - LiteralParser parser(exec, str.characters16(), str.length(), StrictJSON); + LiteralParser parser(exec, str.characters(), length, StrictJSON); return toRef(exec, parser.tryLiteralParse()); } JSStringRef JSValueCreateJSONString(JSContextRef ctx, JSValueRef apiValue, unsigned indent, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); JSValue value = toJS(exec, apiValue); - UString result = JSONStringify(exec, value, indent); + String result = JSONStringify(exec, value, indent); if (exception) *exception = 0; if (exec->hadException()) { @@ -262,6 +355,10 @@ JSStringRef JSValueCreateJSONString(JSContextRef ctx, JSValueRef apiValue, unsig bool JSValueToBoolean(JSContextRef ctx, JSValueRef value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return false; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -271,6 +368,10 @@ bool JSValueToBoolean(JSContextRef ctx, JSValueRef value) double JSValueToNumber(JSContextRef ctx, JSValueRef value, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return QNaN; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -281,13 +382,17 @@ double JSValueToNumber(JSContextRef ctx, JSValueRef value, JSValueRef* exception if (exception) *exception = toRef(exec, exec->exception()); exec->clearException(); - number = std::numeric_limits::quiet_NaN(); + number = QNaN; } return number; } JSStringRef JSValueToStringCopy(JSContextRef ctx, JSValueRef value, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -305,6 +410,10 @@ JSStringRef JSValueToStringCopy(JSContextRef ctx, JSValueRef value, JSValueRef* JSObjectRef JSValueToObject(JSContextRef ctx, JSValueRef value, JSValueRef* exception) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -322,6 +431,10 @@ JSObjectRef JSValueToObject(JSContextRef ctx, JSValueRef value, JSValueRef* exce void JSValueProtect(JSContextRef ctx, JSValueRef value) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); @@ -331,6 +444,11 @@ void JSValueProtect(JSContextRef ctx, JSValueRef value) void JSValueUnprotect(JSContextRef ctx, JSValueRef value) { +#if PLATFORM(MAC) + if ((!value || !ctx) && evernoteHackNeeded()) + return; +#endif + ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); diff --git a/JavaScriptCore/API/JSValueRef.h b/JavaScriptCore/API/JSValueRef.h old mode 100644 new mode 100755 index 4186db82..125e4028 --- a/JavaScriptCore/API/JSValueRef.h +++ b/JavaScriptCore/API/JSValueRef.h @@ -63,7 +63,7 @@ extern "C" { @param value The JSValue whose type you want to obtain. @result A value of type JSType that identifies value's type. */ -JS_EXPORT JSType JSValueGetType(JSContextRef ctx, JSValueRef value); +JS_EXPORT JSType JSValueGetType(JSContextRef ctx, JSValueRef); /*! @function diff --git a/JavaScriptCore/API/JSVirtualMachine.h b/JavaScriptCore/API/JSVirtualMachine.h new file mode 100755 index 00000000..47a69d60 --- /dev/null +++ b/JavaScriptCore/API/JSVirtualMachine.h @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#import + +#if JSC_OBJC_API_ENABLED + +// An instance of JSVirtualMachine represents a single JavaScript "object space" +// or set of execution resources. Thread safety is supported by locking the +// virtual machine, with concurrent JavaScript execution supported by allocating +// separate instances of JSVirtualMachine. + +//NS_CLASS_AVAILABLE(10_9, NA) +@interface JSVirtualMachine : NSObject + +// Create a new JSVirtualMachine. +- (id)init; + +// addManagedReference:withOwner and removeManagedReference:withOwner allow +// clients of JSVirtualMachine to make the JavaScript runtime aware of +// arbitrary external Objective-C object graphs. The runtime can then use +// this information to retain any JavaScript values that are referenced +// from somewhere in said object graph. +// +// For correct behavior clients must make their external object graphs +// reachable from within the JavaScript runtime. If an Objective-C object is +// reachable from within the JavaScript runtime, all managed references +// transitively reachable from it as recorded with +// addManagedReference:withOwner: will be scanned by the garbage collector. +// +- (void)addManagedReference:(id)object withOwner:(id)owner; +- (void)removeManagedReference:(id)object withOwner:(id)owner; + +@end + +#endif diff --git a/JavaScriptCore/API/JSVirtualMachine.mm b/JavaScriptCore/API/JSVirtualMachine.mm new file mode 100755 index 00000000..f51b4335 --- /dev/null +++ b/JavaScriptCore/API/JSVirtualMachine.mm @@ -0,0 +1,273 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#import "JavaScriptCore.h" + +#if JSC_OBJC_API_ENABLED + +#import "APICast.h" +#import "APIShims.h" +#import "JSVirtualMachine.h" +#import "JSVirtualMachineInternal.h" +#import "JSWrapperMap.h" +#import "SlotVisitorInlines.h" + +static NSMapTable *globalWrapperCache = 0; + +static Mutex& wrapperCacheLock() +{ + DEFINE_STATIC_LOCAL(Mutex, mutex, ()); + return mutex; +} + +static void initWrapperCache() +{ + ASSERT(!globalWrapperCache); + NSPointerFunctionsOptions keyOptions = NSPointerFunctionsOpaqueMemory | NSPointerFunctionsOpaquePersonality; + NSPointerFunctionsOptions valueOptions = NSPointerFunctionsWeakMemory | NSPointerFunctionsObjectPersonality; + globalWrapperCache = [[NSMapTable alloc] initWithKeyOptions:keyOptions valueOptions:valueOptions capacity:0]; +} + +static NSMapTable *wrapperCache() +{ + if (!globalWrapperCache) + initWrapperCache(); + return globalWrapperCache; +} + +@interface JSVMWrapperCache : NSObject ++ (void)addWrapper:(JSVirtualMachine *)wrapper forJSContextGroupRef:(JSContextGroupRef)group; ++ (JSVirtualMachine *)wrapperForJSContextGroupRef:(JSContextGroupRef)group; +@end + +@implementation JSVMWrapperCache + ++ (void)addWrapper:(JSVirtualMachine *)wrapper forJSContextGroupRef:(JSContextGroupRef)group +{ + MutexLocker locker(wrapperCacheLock()); + NSMapTable *map = wrapperCache(); + [map setObject:wrapper forKey:(id)group]; +// NSMapInsert(wrapperCache(), group, wrapper); +} + ++ (JSVirtualMachine *)wrapperForJSContextGroupRef:(JSContextGroupRef)group +{ + MutexLocker locker(wrapperCacheLock()); + NSMapTable *map = wrapperCache(); + return static_cast([map objectForKey:(id)group]); +// return static_cast(NSMapGet(wrapperCache(), group)); +} + +@end + +@implementation JSVirtualMachine { + JSContextGroupRef m_group; + NSMapTable *m_contextCache; + NSMapTable *m_externalObjectGraph; +} + +- (id)init +{ + JSContextGroupRef group = JSContextGroupCreate(); + self = [self initWithContextGroupRef:group]; + // The extra JSContextGroupRetain is balanced here. + JSContextGroupRelease(group); + return self; +} + +- (id)initWithContextGroupRef:(JSContextGroupRef)group +{ + self = [super init]; + if (!self) + return nil; + + m_group = JSContextGroupRetain(group); + + NSPointerFunctionsOptions keyOptions = NSPointerFunctionsOpaqueMemory | NSPointerFunctionsOpaquePersonality; + NSPointerFunctionsOptions valueOptions = NSPointerFunctionsWeakMemory | NSPointerFunctionsObjectPersonality; + m_contextCache = [[NSMapTable alloc] initWithKeyOptions:keyOptions valueOptions:valueOptions capacity:0]; + + NSPointerFunctionsOptions weakIDOptions = NSPointerFunctionsWeakMemory | NSPointerFunctionsObjectPersonality; + NSPointerFunctionsOptions strongIDOptions = NSPointerFunctionsStrongMemory | NSPointerFunctionsObjectPersonality; + m_externalObjectGraph = [[NSMapTable alloc] initWithKeyOptions:weakIDOptions valueOptions:strongIDOptions capacity:0]; + + [JSVMWrapperCache addWrapper:self forJSContextGroupRef:group]; + + return self; +} + +- (void)dealloc +{ + JSContextGroupRelease(m_group); + [m_contextCache release]; + [m_externalObjectGraph release]; + [super dealloc]; +} + +static id getInternalObjcObject(id object) +{ + if ([object isKindOfClass:[JSManagedValue class]]) { + JSValue* value = [static_cast(object) value]; + id temp = tryUnwrapObjcObject([value.context JSGlobalContextRef], [value JSValueRef]); + if (temp) + return temp; + return object; + } + + if ([object isKindOfClass:[JSValue class]]) { + JSValue *value = static_cast(object); + object = tryUnwrapObjcObject([value.context JSGlobalContextRef], [value JSValueRef]); + } + + return object; +} + +- (void)addManagedReference:(id)object withOwner:(id)owner +{ + object = getInternalObjcObject(object); + owner = getInternalObjcObject(owner); + + if (!object || !owner) + return; + + JSC::APIEntryShim shim(toJS(m_group)); + + NSMapTable *ownedObjects = [m_externalObjectGraph objectForKey:owner]; + if (!ownedObjects) { + NSPointerFunctionsOptions weakIDOptions = NSPointerFunctionsWeakMemory | NSPointerFunctionsObjectPersonality; + NSPointerFunctionsOptions integerOptions = NSPointerFunctionsOpaqueMemory | NSPointerFunctionsIntegerPersonality; + ownedObjects = [[NSMapTable alloc] initWithKeyOptions:weakIDOptions valueOptions:integerOptions capacity:1]; + + [m_externalObjectGraph setObject:ownedObjects forKey:owner]; + [ownedObjects release]; + } + + + id value = (id)reinterpret_cast(reinterpret_cast([ownedObjects objectForKey:object]) + 1); + [ownedObjects setObject:value forKey:object]; +// NSMapInsert(ownedObjects, object, reinterpret_cast(reinterpret_cast(NSMapGet(ownedObjects, object)) + 1)); +} + +- (void)removeManagedReference:(id)object withOwner:(id)owner +{ + object = getInternalObjcObject(object); + owner = getInternalObjcObject(owner); + + if (!object || !owner) + return; + + JSC::APIEntryShim shim(toJS(m_group)); + + NSMapTable *ownedObjects = [m_externalObjectGraph objectForKey:owner]; + if (!ownedObjects) + return; + + size_t count = reinterpret_cast([ownedObjects objectForKey:object]); +// size_t count = reinterpret_cast(NSMapGet(ownedObjects, object)); + if (count > 1) + { + id value = (id)reinterpret_cast(count - 1); + [ownedObjects setObject:value forKey:object]; +// NSMapInsert(ownedObjects, object, reinterpret_cast(count - 1)); + return; + } + + if (count == 1) + { + [ownedObjects removeObjectForKey:object]; +// NSMapRemove(ownedObjects, object); + } + + if (![ownedObjects count]) + [m_externalObjectGraph removeObjectForKey:owner]; +} + +@end + +@implementation JSVirtualMachine(Internal) + +JSContextGroupRef getGroupFromVirtualMachine(JSVirtualMachine *virtualMachine) +{ + return virtualMachine->m_group; +} + ++ (JSVirtualMachine *)virtualMachineWithContextGroupRef:(JSContextGroupRef)group +{ + JSVirtualMachine *virtualMachine = [JSVMWrapperCache wrapperForJSContextGroupRef:group]; + if (!virtualMachine) + virtualMachine = [[[JSVirtualMachine alloc] initWithContextGroupRef:group] autorelease]; + return virtualMachine; +} + +- (JSContext *)contextForGlobalContextRef:(JSGlobalContextRef)globalContext +{ + return static_cast([m_contextCache objectForKey:(id)globalContext]); +// return static_cast(NSMapGet(m_contextCache, globalContext)); +} + +- (void)addContext:(JSContext *)wrapper forGlobalContextRef:(JSGlobalContextRef)globalContext +{ + [m_contextCache setObject:wrapper forKey:(id)globalContext]; +// NSMapInsert(m_contextCache, globalContext, wrapper); +} + +- (NSMapTable *)externalObjectGraph +{ + return m_externalObjectGraph; +} + +@end + +void scanExternalObjectGraph(JSC::VM& vm, JSC::SlotVisitor& visitor, void* root) +{ + @autoreleasepool { + JSVirtualMachine *virtualMachine = [JSVMWrapperCache wrapperForJSContextGroupRef:toRef(&vm)]; + if (!virtualMachine) + return; + NSMapTable *externalObjectGraph = [virtualMachine externalObjectGraph]; + Vector stack; + stack.append(root); + while (!stack.isEmpty()) { + void* nextRoot = stack.last(); + stack.removeLast(); + if (visitor.containsOpaqueRootTriState(nextRoot) == TrueTriState) + continue; + visitor.addOpaqueRoot(nextRoot); + + NSMapTable *ownedObjects = [externalObjectGraph objectForKey:static_cast(nextRoot)]; + id ownedObject; + NSEnumerator *enumerator = [ownedObjects keyEnumerator]; + while ((ownedObject = [enumerator nextObject])) { + ASSERT(reinterpret_cast(NSMapGet(ownedObjects, ownedObject)) == 1); + stack.append(static_cast(ownedObject)); + } + } + } +} + +#endif + diff --git a/JavaScriptCore/API/JSVirtualMachineInternal.h b/JavaScriptCore/API/JSVirtualMachineInternal.h new file mode 100755 index 00000000..72922656 --- /dev/null +++ b/JavaScriptCore/API/JSVirtualMachineInternal.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef JSVirtualMachineInternal_h +#define JSVirtualMachineInternal_h + +#import + +#if JSC_OBJC_API_ENABLED + +namespace JSC { +class VM; +class SlotVisitor; +} + +#if defined(__OBJC__) +@interface JSVirtualMachine(Internal) + +JSContextGroupRef getGroupFromVirtualMachine(JSVirtualMachine *); + ++ (JSVirtualMachine *)virtualMachineWithContextGroupRef:(JSContextGroupRef)group; + +- (JSContext *)contextForGlobalContextRef:(JSGlobalContextRef)globalContext; +- (void)addContext:(JSContext *)wrapper forGlobalContextRef:(JSGlobalContextRef)globalContext; + +- (NSMapTable *)externalObjectGraph; + +@end +#endif // defined(__OBJC__) + +void scanExternalObjectGraph(JSC::VM&, JSC::SlotVisitor&, void* root); + +#endif + +#endif // JSVirtualMachineInternal_h diff --git a/JavaScriptCore/API/JSWeakObjectMapRefInternal.h b/JavaScriptCore/API/JSWeakObjectMapRefInternal.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp b/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp old mode 100644 new mode 100755 index bdd56f60..6f9e457e --- a/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp +++ b/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp @@ -28,9 +28,11 @@ #include "APICast.h" #include "APIShims.h" +#include "JSCJSValue.h" #include "JSCallbackObject.h" -#include "JSValue.h" #include "JSWeakObjectMapRefInternal.h" +#include "Operations.h" +#include "Weak.h" #include #include @@ -52,17 +54,25 @@ JSWeakObjectMapRef JSWeakObjectMapCreate(JSContextRef context, void* privateData void JSWeakObjectMapSet(JSContextRef ctx, JSWeakObjectMapRef map, void* key, JSObjectRef object) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); JSObject* obj = toJS(object); if (!obj) return; - ASSERT(obj->inherits(&JSCallbackObject::s_info) || obj->inherits(&JSCallbackObject::s_info)); - map->map().set(exec->globalData(), key, obj); + ASSERT(obj->inherits(JSCallbackObject::info()) || obj->inherits(JSCallbackObject::info())); + map->map().set(key, obj); } JSObjectRef JSWeakObjectMapGet(JSContextRef ctx, JSWeakObjectMapRef map, void* key) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return 0; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); return toRef(jsCast(map->map().get(key))); @@ -70,9 +80,13 @@ JSObjectRef JSWeakObjectMapGet(JSContextRef ctx, JSWeakObjectMapRef map, void* k void JSWeakObjectMapRemove(JSContextRef ctx, JSWeakObjectMapRef map, void* key) { + if (!ctx) { + ASSERT_NOT_REACHED(); + return; + } ExecState* exec = toJS(ctx); APIEntryShim entryShim(exec); - map->map().take(key); + map->map().remove(key); } // We need to keep this function in the build to keep the nightlies running. diff --git a/JavaScriptCore/API/JSWeakObjectMapRefPrivate.h b/JavaScriptCore/API/JSWeakObjectMapRefPrivate.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JSWrapperMap.h b/JavaScriptCore/API/JSWrapperMap.h new file mode 100755 index 00000000..09572ab6 --- /dev/null +++ b/JavaScriptCore/API/JSWrapperMap.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#import +#import +#import + +#if JSC_OBJC_API_ENABLED + +@interface JSWrapperMap : NSObject + +- (id)initWithContext:(JSContext *)context; + +- (JSValue *)jsWrapperForObject:(id)object; + +- (JSValue *)objcWrapperForJSValueRef:(JSValueRef)value; + +@end + +id tryUnwrapObjcObject(JSGlobalContextRef, JSValueRef); + +Protocol *getJSExportProtocol(); +Class getNSBlockClass(); + +#endif diff --git a/JavaScriptCore/API/JSWrapperMap.mm b/JavaScriptCore/API/JSWrapperMap.mm new file mode 100755 index 00000000..b9a95eb9 --- /dev/null +++ b/JavaScriptCore/API/JSWrapperMap.mm @@ -0,0 +1,523 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#import "JavaScriptCore.h" + +#if JSC_OBJC_API_ENABLED + +#import "APICast.h" +#import "APIShims.h" +#import "JSAPIWrapperObject.h" +#import "JSCallbackObject.h" +#import "JSContextInternal.h" +#import "JSWrapperMap.h" +#import "ObjCCallbackFunction.h" +#import "ObjcRuntimeExtras.h" +#import "Operations.h" +#import "WeakGCMap.h" +#import +#import + +@class JSObjCClassInfo; + +@interface JSWrapperMap () + +- (JSObjCClassInfo*)classInfoForClass:(Class)cls; + +@end + +// Default conversion of selectors to property names. +// All semicolons are removed, lowercase letters following a semicolon are capitalized. +static NSString *selectorToPropertyName(const char* start) +{ + // Use 'index' to check for colons, if there are none, this is easy! + const char* firstColon = index(start, ':'); + if (!firstColon) + return [NSString stringWithUTF8String:start]; + + // 'header' is the length of string up to the first colon. + size_t header = firstColon - start; + // The new string needs to be long enough to hold 'header', plus the remainder of the string, excluding + // at least one ':', but including a '\0'. (This is conservative if there are more than one ':'). + char* buffer = static_cast(malloc(header + strlen(firstColon + 1) + 1)); + // Copy 'header' characters, set output to point to the end of this & input to point past the first ':'. + memcpy(buffer, start, header); + char* output = buffer + header; + const char* input = start + header + 1; + + // On entry to the loop, we have already skipped over a ':' from the input. + while (true) { + char c; + // Skip over any additional ':'s. We'll leave c holding the next character after the + // last ':', and input pointing past c. + while ((c = *(input++)) == ':'); + // Copy the character, converting to upper case if necessary. + // If the character we copy is '\0', then we're done! + if (!(*(output++) = toupper(c))) + goto done; + // Loop over characters other than ':'. + while ((c = *(input++)) != ':') { + // Copy the character. + // If the character we copy is '\0', then we're done! + if (!(*(output++) = c)) + goto done; + } + // If we get here, we've consumed a ':' - wash, rinse, repeat. + } +done: + NSString *result = [NSString stringWithUTF8String:buffer]; + free(buffer); + return result; +} + +static JSObjectRef makeWrapper(JSContextRef ctx, JSClassRef jsClass, id wrappedObject) +{ + JSC::ExecState* exec = toJS(ctx); + JSC::APIEntryShim entryShim(exec); + + ASSERT(jsClass); + JSC::JSCallbackObject* object = JSC::JSCallbackObject::create(exec, exec->lexicalGlobalObject(), exec->lexicalGlobalObject()->objcWrapperObjectStructure(), jsClass, 0); + object->setWrappedObject(wrappedObject); + if (JSC::JSObject* prototype = jsClass->prototype(exec)) + object->setPrototype(exec->vm(), prototype); + + return toRef(object); +} + +// Make an object that is in all ways a completely vanilla JavaScript object, +// other than that it has a native brand set that will be displayed by the default +// Object.prototype.toString conversion. +static JSValue *objectWithCustomBrand(JSContext *context, NSString *brand, Class cls = 0) +{ + JSClassDefinition definition; + definition = kJSClassDefinitionEmpty; + definition.className = [brand UTF8String]; + JSClassRef classRef = JSClassCreate(&definition); + JSObjectRef result = makeWrapper([context JSGlobalContextRef], classRef, cls); + JSClassRelease(classRef); + return [JSValue valueWithJSValueRef:result inContext:context]; +} + +// Look for @optional properties in the prototype containing a selector to property +// name mapping, separated by a __JS_EXPORT_AS__ delimiter. +static NSMutableDictionary *createRenameMap(Protocol *protocol, BOOL isInstanceMethod) +{ + NSMutableDictionary *renameMap = [[NSMutableDictionary alloc] init]; + + forEachMethodInProtocol(protocol, NO, isInstanceMethod, ^(SEL sel, const char*){ + NSString *rename = @(sel_getName(sel)); + NSRange range = [rename rangeOfString:@"__JS_EXPORT_AS__"]; + if (range.location == NSNotFound) + return; + NSString *selector = [rename substringToIndex:range.location]; + NSUInteger begin = range.location + range.length; + NSUInteger length = [rename length] - begin - 1; + NSString *name = [rename substringWithRange:(NSRange){ begin, length }]; + renameMap[selector] = name; + }); + + return renameMap; +} + +inline void putNonEnumerable(JSValue *base, NSString *propertyName, JSValue *value) +{ + [base defineProperty:propertyName descriptor:@{ + JSPropertyDescriptorValueKey: value, + JSPropertyDescriptorWritableKey: @YES, + JSPropertyDescriptorEnumerableKey: @NO, + JSPropertyDescriptorConfigurableKey: @YES + }]; +} + +// This method will iterate over the set of required methods in the protocol, and: +// * Determine a property name (either via a renameMap or default conversion). +// * If an accessorMap is provided, and contains this name, store the method in the map. +// * Otherwise, if the object doesn't already contain a property with name, create it. +static void copyMethodsToObject(JSContext *context, Class objcClass, Protocol *protocol, BOOL isInstanceMethod, JSValue *object, NSMutableDictionary *accessorMethods = nil) +{ + NSMutableDictionary *renameMap = createRenameMap(protocol, isInstanceMethod); + + forEachMethodInProtocol(protocol, YES, isInstanceMethod, ^(SEL sel, const char* types){ + const char* nameCStr = sel_getName(sel); + NSString *name = @(nameCStr); + if (accessorMethods && accessorMethods[name]) { + JSObjectRef method = objCCallbackFunctionForMethod(context, objcClass, protocol, isInstanceMethod, sel, types); + if (!method) + return; + accessorMethods[name] = [JSValue valueWithJSValueRef:method inContext:context]; + } else { + name = renameMap[name]; + if (!name) + name = selectorToPropertyName(nameCStr); + if ([object hasProperty:name]) + return; + JSObjectRef method = objCCallbackFunctionForMethod(context, objcClass, protocol, isInstanceMethod, sel, types); + if (method) + putNonEnumerable(object, name, [JSValue valueWithJSValueRef:method inContext:context]); + } + }); + + [renameMap release]; +} + +static bool parsePropertyAttributes(objc_property_t property, char*& getterName, char*& setterName) +{ + bool readonly = false; + unsigned attributeCount; + objc_property_attribute_t* attributes = property_copyAttributeList(property, &attributeCount); + if (attributeCount) { + for (unsigned i = 0; i < attributeCount; ++i) { + switch (*(attributes[i].name)) { + case 'G': + getterName = strdup(attributes[i].value); + break; + case 'S': + setterName = strdup(attributes[i].value); + break; + case 'R': + readonly = true; + break; + default: + break; + } + } + free(attributes); + } + return readonly; +} + +static char* makeSetterName(const char* name) +{ + size_t nameLength = strlen(name); + char* setterName = (char*)malloc(nameLength + 5); // "set" Name ":\0" + setterName[0] = 's'; + setterName[1] = 'e'; + setterName[2] = 't'; + setterName[3] = toupper(*name); + memcpy(setterName + 4, name + 1, nameLength - 1); + setterName[nameLength + 3] = ':'; + setterName[nameLength + 4] = '\0'; + return setterName; +} + +static void copyPrototypeProperties(JSContext *context, Class objcClass, Protocol *protocol, JSValue *prototypeValue) +{ + // First gather propreties into this list, then handle the methods (capturing the accessor methods). + struct Property { + const char* name; + char* getterName; + char* setterName; + }; + __block Vector propertyList; + + // Map recording the methods used as getters/setters. + NSMutableDictionary *accessorMethods = [NSMutableDictionary dictionary]; + + // Useful value. + JSValue *undefined = [JSValue valueWithUndefinedInContext:context]; + + forEachPropertyInProtocol(protocol, ^(objc_property_t property){ + char* getterName = 0; + char* setterName = 0; + bool readonly = parsePropertyAttributes(property, getterName, setterName); + const char* name = property_getName(property); + + // Add the names of the getter & setter methods to + if (!getterName) + getterName = strdup(name); + accessorMethods[@(getterName)] = undefined; + if (!readonly) { + if (!setterName) + setterName = makeSetterName(name); + accessorMethods[@(setterName)] = undefined; + } + + // Add the properties to a list. + propertyList.append((Property){ name, getterName, setterName }); + }); + + // Copy methods to the prototype, capturing accessors in the accessorMethods map. + copyMethodsToObject(context, objcClass, protocol, YES, prototypeValue, accessorMethods); + + // Iterate the propertyList & generate accessor properties. + for (size_t i = 0; i < propertyList.size(); ++i) { + Property& property = propertyList[i]; + + JSValue *getter = accessorMethods[@(property.getterName)]; + free(property.getterName); + ASSERT(![getter isUndefined]); + + JSValue *setter = undefined; + if (property.setterName) { + setter = accessorMethods[@(property.setterName)]; + free(property.setterName); + ASSERT(![setter isUndefined]); + } + + [prototypeValue defineProperty:@(property.name) descriptor:@{ + JSPropertyDescriptorGetKey: getter, + JSPropertyDescriptorSetKey: setter, + JSPropertyDescriptorEnumerableKey: @NO, + JSPropertyDescriptorConfigurableKey: @YES + }]; + } +} + +@interface JSObjCClassInfo : NSObject { + JSContext *m_context; + Class m_class; + bool m_block; + JSClassRef m_classRef; + JSC::Weak m_prototype; + JSC::Weak m_constructor; +} + +- (id)initWithContext:(JSContext *)context forClass:(Class)cls superClassInfo:(JSObjCClassInfo*)superClassInfo; +- (JSValue *)wrapperForObject:(id)object; +- (JSValue *)constructor; + +@end + +@implementation JSObjCClassInfo + +- (id)initWithContext:(JSContext *)context forClass:(Class)cls superClassInfo:(JSObjCClassInfo*)superClassInfo +{ + self = [super init]; + if (!self) + return nil; + + const char* className = class_getName(cls); + m_context = context; + m_class = cls; + m_block = [cls isSubclassOfClass:getNSBlockClass()]; + JSClassDefinition definition; + definition = kJSClassDefinitionEmpty; + definition.className = className; + m_classRef = JSClassCreate(&definition); + + [self allocateConstructorAndPrototypeWithSuperClassInfo:superClassInfo]; + + return self; +} + +- (void)dealloc +{ + JSClassRelease(m_classRef); + [super dealloc]; +} + +- (void)allocateConstructorAndPrototypeWithSuperClassInfo:(JSObjCClassInfo*)superClassInfo +{ + ASSERT(!m_constructor || !m_prototype); + ASSERT((m_class == [NSObject class]) == !superClassInfo); + if (!superClassInfo) { + JSContextRef cContext = [m_context JSGlobalContextRef]; + JSValue *constructor = m_context[@"Object"]; + if (!m_constructor) + m_constructor = toJS(JSValueToObject(cContext, valueInternalValue(constructor), 0)); + + if (!m_prototype) { + JSValue *prototype = constructor[@"prototype"]; + m_prototype = toJS(JSValueToObject(cContext, valueInternalValue(prototype), 0)); + } + } else { + const char* className = class_getName(m_class); + + // Create or grab the prototype/constructor pair. + JSValue *prototype; + JSValue *constructor; + if (m_prototype) + prototype = [JSValue valueWithJSValueRef:toRef(m_prototype.get()) inContext:m_context]; + else + prototype = objectWithCustomBrand(m_context, [NSString stringWithFormat:@"%sPrototype", className]); + + if (m_constructor) + constructor = [JSValue valueWithJSValueRef:toRef(m_constructor.get()) inContext:m_context]; + else + constructor = objectWithCustomBrand(m_context, [NSString stringWithFormat:@"%sConstructor", className], m_class); + + JSContextRef cContext = [m_context JSGlobalContextRef]; + m_prototype = toJS(JSValueToObject(cContext, valueInternalValue(prototype), 0)); + m_constructor = toJS(JSValueToObject(cContext, valueInternalValue(constructor), 0)); + + putNonEnumerable(prototype, @"constructor", constructor); + putNonEnumerable(constructor, @"prototype", prototype); + + Protocol *exportProtocol = getJSExportProtocol(); + forEachProtocolImplementingProtocol(m_class, exportProtocol, ^(Protocol *protocol){ + copyPrototypeProperties(m_context, m_class, protocol, prototype); + copyMethodsToObject(m_context, m_class, protocol, NO, constructor); + }); + + // Set [Prototype]. + JSObjectSetPrototype([m_context JSGlobalContextRef], toRef(m_prototype.get()), toRef(superClassInfo->m_prototype.get())); + } +} + +- (void)reallocateConstructorAndOrPrototype +{ + [self allocateConstructorAndPrototypeWithSuperClassInfo:[m_context.wrapperMap classInfoForClass:class_getSuperclass(m_class)]]; +} + +- (JSValue *)wrapperForObject:(id)object +{ + ASSERT([object isKindOfClass:m_class]); + ASSERT(m_block == [object isKindOfClass:getNSBlockClass()]); + if (m_block) { + if (JSObjectRef method = objCCallbackFunctionForBlock(m_context, object)) + return [JSValue valueWithJSValueRef:method inContext:m_context]; + } + + if (!m_prototype) + [self reallocateConstructorAndOrPrototype]; + ASSERT(!!m_prototype); + + JSObjectRef wrapper = makeWrapper([m_context JSGlobalContextRef], m_classRef, object); + JSObjectSetPrototype([m_context JSGlobalContextRef], wrapper, toRef(m_prototype.get())); + return [JSValue valueWithJSValueRef:wrapper inContext:m_context]; +} + +- (JSValue *)constructor +{ + if (!m_constructor) + [self reallocateConstructorAndOrPrototype]; + ASSERT(!!m_constructor); + return [JSValue valueWithJSValueRef:toRef(m_constructor.get()) inContext:m_context]; +} + +@end + +@implementation JSWrapperMap { + JSContext *m_context; + NSMutableDictionary *m_classMap; + JSC::WeakGCMap m_cachedJSWrappers; + NSMapTable *m_cachedObjCWrappers; +} + +- (id)initWithContext:(JSContext *)context +{ + self = [super init]; + if (!self) + return nil; + + NSPointerFunctionsOptions keyOptions = NSPointerFunctionsOpaqueMemory | NSPointerFunctionsOpaquePersonality; + NSPointerFunctionsOptions valueOptions = NSPointerFunctionsWeakMemory | NSPointerFunctionsObjectPersonality; + m_cachedObjCWrappers = [[NSMapTable alloc] initWithKeyOptions:keyOptions valueOptions:valueOptions capacity:0]; + + m_context = context; + m_classMap = [[NSMutableDictionary alloc] init]; + return self; +} + +- (void)dealloc +{ + [m_cachedObjCWrappers release]; + [m_classMap release]; + [super dealloc]; +} + +- (JSObjCClassInfo*)classInfoForClass:(Class)cls +{ + if (!cls) + return nil; + + // Check if we've already created a JSObjCClassInfo for this Class. + if (JSObjCClassInfo* classInfo = (JSObjCClassInfo*)m_classMap[cls]) + return classInfo; + + // Skip internal classes beginning with '_' - just copy link to the parent class's info. + if ('_' == *class_getName(cls)) + return m_classMap[cls] = [self classInfoForClass:class_getSuperclass(cls)]; + + return m_classMap[cls] = [[[JSObjCClassInfo alloc] initWithContext:m_context forClass:cls superClassInfo:[self classInfoForClass:class_getSuperclass(cls)]] autorelease]; +} + +- (JSValue *)jsWrapperForObject:(id)object +{ + JSC::JSObject* jsWrapper = m_cachedJSWrappers.get(object); + if (jsWrapper) + return [JSValue valueWithJSValueRef:toRef(jsWrapper) inContext:m_context]; + + JSValue *wrapper; + if (class_isMetaClass(object_getClass(object))) + wrapper = [[self classInfoForClass:(Class)object] constructor]; + else { + JSObjCClassInfo* classInfo = [self classInfoForClass:[object class]]; + wrapper = [classInfo wrapperForObject:object]; + } + + // FIXME: https://bugs.webkit.org/show_bug.cgi?id=105891 + // This general approach to wrapper caching is pretty effective, but there are a couple of problems: + // (1) For immortal objects JSValues will effectively leak and this results in error output being logged - we should avoid adding associated objects to immortal objects. + // (2) A long lived object may rack up many JSValues. When the contexts are released these will unprotect the associated JavaScript objects, + // but still, would probably nicer if we made it so that only one associated object was required, broadcasting object dealloc. + JSC::ExecState* exec = toJS([m_context JSGlobalContextRef]); + jsWrapper = toJS(exec, valueInternalValue(wrapper)).toObject(exec); + m_cachedJSWrappers.set(object, jsWrapper); + return wrapper; +} + +- (JSValue *)objcWrapperForJSValueRef:(JSValueRef)value +{ + JSValue *wrapper = static_cast([m_cachedObjCWrappers objectForKey:(id)value]); +// JSValue *wrapper = static_cast(NSMapGet(m_cachedObjCWrappers, value)); + if (!wrapper) { + wrapper = [[[JSValue alloc] initWithValue:value inContext:m_context] autorelease]; + [m_cachedObjCWrappers setObject:wrapper forKey:(id)value]; +// NSMapInsert(m_cachedObjCWrappers, value, wrapper); + } + return wrapper; +} + +@end + +id tryUnwrapObjcObject(JSGlobalContextRef context, JSValueRef value) +{ + if (!JSValueIsObject(context, value)) + return nil; + JSValueRef exception = 0; + JSObjectRef object = JSValueToObject(context, value, &exception); + ASSERT(!exception); + if (toJS(object)->inherits(JSC::JSCallbackObject::info())) + return (id)JSC::jsCast(toJS(object))->wrappedObject(); + if (id target = tryUnwrapBlock(object)) + return target; + return nil; +} + +Protocol *getJSExportProtocol() +{ + static Protocol *protocol = objc_getProtocol("JSExport"); + return protocol; +} + +Class getNSBlockClass() +{ + static Class cls = objc_getClass("NSBlock"); + return cls; +} + +#endif diff --git a/JavaScriptCore/API/JavaScript.h b/JavaScriptCore/API/JavaScript.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/JavaScriptCore.h b/JavaScriptCore/API/JavaScriptCore.h old mode 100644 new mode 100755 index 87d60185..40bea9c3 --- a/JavaScriptCore/API/JavaScriptCore.h +++ b/JavaScriptCore/API/JavaScriptCore.h @@ -29,4 +29,14 @@ #include #include +#if defined(__OBJC__) && JSC_OBJC_API_ENABLED + +#import "JSContext.h" +#import "JSValue.h" +#import "JSManagedValue.h" +#import "JSVirtualMachine.h" +#import "JSExport.h" + +#endif + #endif /* JavaScriptCore_h */ diff --git a/JavaScriptCore/API/ObjCCallbackFunction.h b/JavaScriptCore/API/ObjCCallbackFunction.h new file mode 100755 index 00000000..2f2cb974 --- /dev/null +++ b/JavaScriptCore/API/ObjCCallbackFunction.h @@ -0,0 +1,77 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef ObjCCallbackFunction_h +#define ObjCCallbackFunction_h + +#include + +#if JSC_OBJC_API_ENABLED + +#import + +#if defined(__OBJC__) +JSObjectRef objCCallbackFunctionForMethod(JSContext *, Class, Protocol *, BOOL isInstanceMethod, SEL, const char* types); +JSObjectRef objCCallbackFunctionForBlock(JSContext *, id); + +id tryUnwrapBlock(JSObjectRef); +#endif + +namespace JSC { + +class ObjCCallbackFunctionImpl; + +class ObjCCallbackFunction : public InternalFunction { + friend struct APICallbackFunction; +public: + typedef InternalFunction Base; + + static ObjCCallbackFunction* create(ExecState*, JSGlobalObject*, const String& name, PassOwnPtr); + static void destroy(JSCell*); + + static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype) + { + ASSERT(globalObject); + return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info()); + } + + DECLARE_EXPORT_INFO; + + ObjCCallbackFunctionImpl* impl() { return m_impl.get(); } + +protected: + ObjCCallbackFunction(JSGlobalObject*, JSObjectCallAsFunctionCallback, PassOwnPtr); + +private: + static CallType getCallData(JSCell*, CallData&); + + JSObjectCallAsFunctionCallback m_callback; + OwnPtr m_impl; +}; + +} // namespace JSC + +#endif + +#endif // ObjCCallbackFunction_h diff --git a/JavaScriptCore/API/ObjCCallbackFunction.mm b/JavaScriptCore/API/ObjCCallbackFunction.mm new file mode 100755 index 00000000..e61874df --- /dev/null +++ b/JavaScriptCore/API/ObjCCallbackFunction.mm @@ -0,0 +1,624 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#import "JavaScriptCore.h" + +#if JSC_OBJC_API_ENABLED + +#import "APICallbackFunction.h" +#import "APICast.h" +#import "APIShims.h" +#import "Error.h" +#import "JSCJSValueInlines.h" +#import "JSCell.h" +#import "JSCellInlines.h" +#import "JSContextInternal.h" +#import "JSWrapperMap.h" +#import "JSValueInternal.h" +#import "ObjCCallbackFunction.h" +#import "ObjcRuntimeExtras.h" +#import +#import + +class CallbackArgument { +public: + virtual ~CallbackArgument(); + virtual void set(NSInvocation *, NSInteger, JSContext *, JSValueRef, JSValueRef*) = 0; + + OwnPtr m_next; +}; + +CallbackArgument::~CallbackArgument() +{ +} + +class CallbackArgumentBoolean : public CallbackArgument { + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef*) override + { + bool value = JSValueToBoolean([context JSGlobalContextRef], argument); + [invocation setArgument:&value atIndex:argumentNumber]; + } +}; + +template +class CallbackArgumentInteger : public CallbackArgument { + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef* exception) override + { + T value = (T)JSC::toInt32(JSValueToNumber([context JSGlobalContextRef], argument, exception)); + [invocation setArgument:&value atIndex:argumentNumber]; + } +}; + +template +class CallbackArgumentDouble : public CallbackArgument { + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef* exception) override + { + T value = (T)JSValueToNumber([context JSGlobalContextRef], argument, exception); + [invocation setArgument:&value atIndex:argumentNumber]; + } +}; + +class CallbackArgumentJSValue : public CallbackArgument { + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef*) override + { + JSValue *value = [JSValue valueWithJSValueRef:argument inContext:context]; + [invocation setArgument:&value atIndex:argumentNumber]; + } +}; + +class CallbackArgumentId : public CallbackArgument { + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef*) override + { + id value = valueToObject(context, argument); + [invocation setArgument:&value atIndex:argumentNumber]; + } +}; + +class CallbackArgumentOfClass : public CallbackArgument { +public: + CallbackArgumentOfClass(Class cls) + : CallbackArgument() + , m_class(cls) + { + [m_class retain]; + } + +private: + virtual ~CallbackArgumentOfClass() + { + [m_class release]; + } + + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef* exception) override + { + JSGlobalContextRef contextRef = [context JSGlobalContextRef]; + + id object = tryUnwrapObjcObject(contextRef, argument); + if (object && [object isKindOfClass:m_class]) { + [invocation setArgument:&object atIndex:argumentNumber]; + return; + } + + if (JSValueIsNull(contextRef, argument) || JSValueIsUndefined(contextRef, argument)) { + object = nil; + [invocation setArgument:&object atIndex:argumentNumber]; + return; + } + + *exception = toRef(JSC::createTypeError(toJS(contextRef), "Argument does not match Objective-C Class")); + } + + Class m_class; +}; + +class CallbackArgumentNSNumber : public CallbackArgument { + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef* exception) override + { + id value = valueToNumber([context JSGlobalContextRef], argument, exception); + [invocation setArgument:&value atIndex:argumentNumber]; + } +}; + +class CallbackArgumentNSString : public CallbackArgument { + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef* exception) override + { + id value = valueToString([context JSGlobalContextRef], argument, exception); + [invocation setArgument:&value atIndex:argumentNumber]; + } +}; + +class CallbackArgumentNSDate : public CallbackArgument { + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef* exception) override + { + id value = valueToDate([context JSGlobalContextRef], argument, exception); + [invocation setArgument:&value atIndex:argumentNumber]; + } +}; + +class CallbackArgumentNSArray : public CallbackArgument { + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef* exception) override + { + id value = valueToArray([context JSGlobalContextRef], argument, exception); + [invocation setArgument:&value atIndex:argumentNumber]; + } +}; + +class CallbackArgumentNSDictionary : public CallbackArgument { + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef* exception) override + { + id value = valueToDictionary([context JSGlobalContextRef], argument, exception); + [invocation setArgument:&value atIndex:argumentNumber]; + } +}; + +class CallbackArgumentStruct : public CallbackArgument { +public: + CallbackArgumentStruct(NSInvocation *conversionInvocation, const char* encodedType) + : m_conversionInvocation(conversionInvocation) + , m_buffer(encodedType) + { + } + +private: + virtual void set(NSInvocation *invocation, NSInteger argumentNumber, JSContext *context, JSValueRef argument, JSValueRef*) override + { + JSValue *value = [JSValue valueWithJSValueRef:argument inContext:context]; + [m_conversionInvocation invokeWithTarget:value]; + [m_conversionInvocation getReturnValue:m_buffer]; + [invocation setArgument:m_buffer atIndex:argumentNumber]; + } + + RetainPtr m_conversionInvocation; + StructBuffer m_buffer; +}; + +class ArgumentTypeDelegate { +public: + typedef CallbackArgument* ResultType; + + template + static ResultType typeInteger() + { + return new CallbackArgumentInteger; + } + + template + static ResultType typeDouble() + { + return new CallbackArgumentDouble; + } + + static ResultType typeBool() + { + return new CallbackArgumentBoolean; + } + + static ResultType typeVoid() + { + RELEASE_ASSERT_NOT_REACHED(); + return 0; + } + + static ResultType typeId() + { + return new CallbackArgumentId; + } + + static ResultType typeOfClass(const char* begin, const char* end) + { + StringRange copy(begin, end); + Class cls = objc_getClass(copy); + if (!cls) + return 0; + + if (cls == [JSValue class]) + return new CallbackArgumentJSValue; + if (cls == [NSString class]) + return new CallbackArgumentNSString; + if (cls == [NSNumber class]) + return new CallbackArgumentNSNumber; + if (cls == [NSDate class]) + return new CallbackArgumentNSDate; + if (cls == [NSArray class]) + return new CallbackArgumentNSArray; + if (cls == [NSDictionary class]) + return new CallbackArgumentNSDictionary; + + return new CallbackArgumentOfClass(cls); + } + + static ResultType typeBlock(const char*, const char*) + { + return nil; + } + + static ResultType typeStruct(const char* begin, const char* end) + { + StringRange copy(begin, end); + if (NSInvocation *invocation = valueToTypeInvocationFor(copy)) + return new CallbackArgumentStruct(invocation, copy); + return 0; + } +}; + +class CallbackResult { +public: + virtual ~CallbackResult() + { + } + + virtual JSValueRef get(NSInvocation *, JSContext *, JSValueRef*) = 0; +}; + +class CallbackResultVoid : public CallbackResult { + virtual JSValueRef get(NSInvocation *, JSContext *context, JSValueRef*) override + { + return JSValueMakeUndefined([context JSGlobalContextRef]); + } +}; + +class CallbackResultId : public CallbackResult { + virtual JSValueRef get(NSInvocation *invocation, JSContext *context, JSValueRef*) override + { + id value; + [invocation getReturnValue:&value]; + return objectToValue(context, value); + } +}; + +template +class CallbackResultNumeric : public CallbackResult { + virtual JSValueRef get(NSInvocation *invocation, JSContext *context, JSValueRef*) override + { + T value; + [invocation getReturnValue:&value]; + return JSValueMakeNumber([context JSGlobalContextRef], value); + } +}; + +class CallbackResultBoolean : public CallbackResult { + virtual JSValueRef get(NSInvocation *invocation, JSContext *context, JSValueRef*) override + { + bool value; + [invocation getReturnValue:&value]; + return JSValueMakeBoolean([context JSGlobalContextRef], value); + } +}; + +class CallbackResultStruct : public CallbackResult { +public: + CallbackResultStruct(NSInvocation *conversionInvocation, const char* encodedType) + : m_conversionInvocation(conversionInvocation) + , m_buffer(encodedType) + { + } + +private: + virtual JSValueRef get(NSInvocation *invocation, JSContext *context, JSValueRef*) override + { + [invocation getReturnValue:m_buffer]; + + [m_conversionInvocation setArgument:m_buffer atIndex:2]; + [m_conversionInvocation setArgument:&context atIndex:3]; + [m_conversionInvocation invokeWithTarget:[JSValue class]]; + + JSValue *value; + [m_conversionInvocation getReturnValue:&value]; + return valueInternalValue(value); + } + + RetainPtr m_conversionInvocation; + StructBuffer m_buffer; +}; + +class ResultTypeDelegate { +public: + typedef CallbackResult* ResultType; + + template + static ResultType typeInteger() + { + return new CallbackResultNumeric; + } + + template + static ResultType typeDouble() + { + return new CallbackResultNumeric; + } + + static ResultType typeBool() + { + return new CallbackResultBoolean; + } + + static ResultType typeVoid() + { + return new CallbackResultVoid; + } + + static ResultType typeId() + { + return new CallbackResultId(); + } + + static ResultType typeOfClass(const char*, const char*) + { + return new CallbackResultId(); + } + + static ResultType typeBlock(const char*, const char*) + { + return new CallbackResultId(); + } + + static ResultType typeStruct(const char* begin, const char* end) + { + StringRange copy(begin, end); + if (NSInvocation *invocation = typeToValueInvocationFor(copy)) + return new CallbackResultStruct(invocation, copy); + return 0; + } +}; + +enum CallbackType { + CallbackInstanceMethod, + CallbackClassMethod, + CallbackBlock +}; + +namespace JSC { + +class ObjCCallbackFunctionImpl { +public: + ObjCCallbackFunctionImpl(JSContext *context, NSInvocation *invocation, CallbackType type, Class instanceClass, PassOwnPtr arguments, PassOwnPtr result) + : m_context(context) + , m_type(type) + , m_instanceClass([instanceClass retain]) + , m_invocation(invocation) + , m_arguments(arguments) + , m_result(result) + { + ASSERT(type != CallbackInstanceMethod || instanceClass); + } + + ~ObjCCallbackFunctionImpl() + { + [m_instanceClass release]; + } + + JSValueRef call(JSContext *context, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception); + + JSContext *context() + { + return m_context.get(); + } + + void setContext(JSContext *context) + { + ASSERT(!m_context.get()); + m_context.set(context); + } + + id wrappedBlock() + { + return m_type == CallbackBlock ? [m_invocation target] : nil; + } + +private: + WeakContextRef m_context; + CallbackType m_type; + Class m_instanceClass; + RetainPtr m_invocation; + OwnPtr m_arguments; + OwnPtr m_result; +}; + +static JSValueRef objCCallbackFunctionCallAsFunction(JSContextRef callerContext, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) +{ + // Retake the API lock - we need this for a few reasons: + // (1) We don't want to support the C-API's confusing drops-locks-once policy - should only drop locks if we can do so recursively. + // (2) We're calling some JSC internals that require us to be on the 'inside' - e.g. createTypeError. + // (3) We need to be locked (per context would be fine) against conflicting usage of the ObjCCallbackFunction's NSInvocation. + JSC::APIEntryShim entryShim(toJS(callerContext)); + + ObjCCallbackFunction* callback = static_cast(toJS(function)); + ObjCCallbackFunctionImpl* impl = callback->impl(); + JSContext *context = impl->context(); + if (!context) { + context = [JSContext contextWithJSGlobalContextRef:toGlobalRef(toJS(callerContext)->lexicalGlobalObject()->globalExec())]; + impl->setContext(context); + } + + CallbackData callbackData; + JSValueRef result; + @autoreleasepool { + [context beginCallbackWithData:&callbackData thisValue:thisObject argumentCount:argumentCount arguments:arguments]; + result = impl->call(context, thisObject, argumentCount, arguments, exception); + if (context.exception) + *exception = valueInternalValue(context.exception); + [context endCallbackWithData:&callbackData]; + } + return result; +} + +const JSC::ClassInfo ObjCCallbackFunction::s_info = { "CallbackFunction", &Base::s_info, 0, 0, CREATE_METHOD_TABLE(ObjCCallbackFunction) }; + +ObjCCallbackFunction::ObjCCallbackFunction(JSC::JSGlobalObject* globalObject, JSObjectCallAsFunctionCallback callback, PassOwnPtr impl) + : Base(globalObject, globalObject->objcCallbackFunctionStructure()) + , m_callback(callback) + , m_impl(impl) +{ +} + +ObjCCallbackFunction* ObjCCallbackFunction::create(JSC::ExecState* exec, JSC::JSGlobalObject* globalObject, const String& name, PassOwnPtr impl) +{ + ObjCCallbackFunction* function = new (NotNull, allocateCell(*exec->heap())) ObjCCallbackFunction(globalObject, objCCallbackFunctionCallAsFunction, impl); + function->finishCreation(exec->vm(), name); + return function; +} + +void ObjCCallbackFunction::destroy(JSCell* cell) +{ + static_cast(cell)->ObjCCallbackFunction::~ObjCCallbackFunction(); +} + +CallType ObjCCallbackFunction::getCallData(JSCell*, CallData& callData) +{ + callData.native.function = APICallbackFunction::call; + return CallTypeHost; +} + +JSValueRef ObjCCallbackFunctionImpl::call(JSContext *context, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) +{ + JSGlobalContextRef contextRef = [context JSGlobalContextRef]; + + size_t firstArgument; + switch (m_type) { + case CallbackInstanceMethod: { + id target = tryUnwrapObjcObject(contextRef, thisObject); + if (!target || ![target isKindOfClass:m_instanceClass]) { + *exception = toRef(JSC::createTypeError(toJS(contextRef), "self type check failed for Objective-C instance method")); + return JSValueMakeUndefined(contextRef); + } + [m_invocation setTarget:target]; + } + // fallthrough - firstArgument for CallbackInstanceMethod is also 2! + case CallbackClassMethod: + firstArgument = 2; + break; + case CallbackBlock: + firstArgument = 1; + } + + size_t argumentNumber = 0; + for (CallbackArgument* argument = m_arguments.get(); argument; argument = argument->m_next.get()) { + JSValueRef value = argumentNumber < argumentCount ? arguments[argumentNumber] : JSValueMakeUndefined(contextRef); + argument->set(m_invocation.get(), argumentNumber + firstArgument, context, value, exception); + if (*exception) + return JSValueMakeUndefined(contextRef); + ++argumentNumber; + } + + [m_invocation invoke]; + + return m_result->get(m_invocation.get(), context, exception); +} + +} // namespace JSC + +static bool blockSignatureContainsClass() +{ + static bool containsClass = ^{ + id block = ^(NSString *string){ return string; }; + return _Block_has_signature(block) && strstr(_Block_signature(block), "NSString"); + }(); + return containsClass; +} + +inline bool skipNumber(const char*& position) +{ + if (!isASCIIDigit(*position)) + return false; + while (isASCIIDigit(*++position)) { } + return true; +} + +static JSObjectRef objCCallbackFunctionForInvocation(JSContext *context, NSInvocation *invocation, CallbackType type, Class instanceClass, const char* signatureWithObjcClasses) +{ + const char* position = signatureWithObjcClasses; + + OwnPtr result = adoptPtr(parseObjCType(position)); + if (!result || !skipNumber(position)) + return nil; + + switch (type) { + case CallbackInstanceMethod: + case CallbackClassMethod: + // Methods are passed two implicit arguments - (id)self, and the selector. + if ('@' != *position++ || !skipNumber(position) || ':' != *position++ || !skipNumber(position)) + return nil; + break; + case CallbackBlock: + // Blocks are passed one implicit argument - the block, of type "@?". + if (('@' != *position++) || ('?' != *position++) || !skipNumber(position)) + return nil; + // Only allow arguments of type 'id' if the block signature contains the NS type information. + if ((!blockSignatureContainsClass() && strchr(position, '@'))) + return nil; + break; + } + + OwnPtr arguments = 0; + OwnPtr* nextArgument = &arguments; + unsigned argumentCount = 0; + while (*position) { + OwnPtr argument = adoptPtr(parseObjCType(position)); + if (!argument || !skipNumber(position)) + return nil; + + *nextArgument = argument.release(); + nextArgument = &(*nextArgument)->m_next; + ++argumentCount; + } + + JSC::ExecState* exec = toJS([context JSGlobalContextRef]); + JSC::APIEntryShim shim(exec); + OwnPtr impl = adoptPtr(new JSC::ObjCCallbackFunctionImpl(context, invocation, type, instanceClass, arguments.release(), result.release())); + // FIXME: Maybe we could support having the selector as the name of the function to make it a bit more user-friendly from the JS side? + return toRef(JSC::ObjCCallbackFunction::create(exec, exec->lexicalGlobalObject(), "", impl.release())); +} + +JSObjectRef objCCallbackFunctionForMethod(JSContext *context, Class cls, Protocol *protocol, BOOL isInstanceMethod, SEL sel, const char* types) +{ + NSInvocation *invocation = [NSInvocation invocationWithMethodSignature:[NSMethodSignature signatureWithObjCTypes:types]]; + [invocation setSelector:sel]; + if (!isInstanceMethod) + [invocation setTarget:cls]; + return objCCallbackFunctionForInvocation(context, invocation, isInstanceMethod ? CallbackInstanceMethod : CallbackClassMethod, isInstanceMethod ? cls : nil, _protocol_getMethodTypeEncoding(protocol, sel, YES, isInstanceMethod)); +} + +JSObjectRef objCCallbackFunctionForBlock(JSContext *context, id target) +{ + if (!_Block_has_signature(target)) + return 0; + const char* signature = _Block_signature(target); + NSInvocation *invocation = [NSInvocation invocationWithMethodSignature:[NSMethodSignature signatureWithObjCTypes:signature]]; + [invocation retainArguments]; + id targetCopy = [target copy]; + [invocation setTarget:targetCopy]; + [targetCopy release]; + return objCCallbackFunctionForInvocation(context, invocation, CallbackBlock, nil, signature); +} + +id tryUnwrapBlock(JSObjectRef object) +{ + if (!toJS(object)->inherits(JSC::ObjCCallbackFunction::info())) + return nil; + return static_cast(toJS(object))->impl()->wrappedBlock(); +} + +#endif diff --git a/JavaScriptCore/API/ObjcRuntimeExtras.h b/JavaScriptCore/API/ObjcRuntimeExtras.h new file mode 100755 index 00000000..48c11209 --- /dev/null +++ b/JavaScriptCore/API/ObjcRuntimeExtras.h @@ -0,0 +1,231 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#import +#import +#import + +inline bool protocolImplementsProtocol(Protocol *candidate, Protocol *target) +{ + unsigned protocolProtocolsCount; + Protocol ** protocolProtocols = protocol_copyProtocolList(candidate, &protocolProtocolsCount); + for (unsigned i = 0; i < protocolProtocolsCount; ++i) { + if (protocol_isEqual(protocolProtocols[i], target)) { + free(protocolProtocols); + return true; + } + } + free(protocolProtocols); + return false; +} + +inline void forEachProtocolImplementingProtocol(Class cls, Protocol *target, void (^callback)(Protocol *)) +{ + ASSERT(cls); + ASSERT(target); + + Vector worklist; + HashSet visited; + + // Initially fill the worklist with the Class's protocols. + unsigned protocolsCount; + Protocol ** protocols = class_copyProtocolList(cls, &protocolsCount); + worklist.append(protocols, protocolsCount); + free(protocols); + + while (!worklist.isEmpty()) { + Protocol *protocol = worklist.last(); + worklist.removeLast(); + + // Are we encountering this Protocol for the first time? + if (!visited.add(protocol).isNewEntry) + continue; + + // If it implements the protocol, make the callback. + if (protocolImplementsProtocol(protocol, target)) + callback(protocol); + + // Add incorporated protocols to the worklist. + protocols = protocol_copyProtocolList(protocol, &protocolsCount); + worklist.append(protocols, protocolsCount); + free(protocols); + } +} + +inline void forEachMethodInClass(Class cls, void (^callback)(Method)) +{ + unsigned count; + Method* methods = class_copyMethodList(cls, &count); + for (unsigned i = 0; i < count; ++i) + callback(methods[i]); + free(methods); +} + +inline void forEachMethodInProtocol(Protocol *protocol, BOOL isRequiredMethod, BOOL isInstanceMethod, void (^callback)(SEL, const char*)) +{ + unsigned count; + struct objc_method_description* methods = protocol_copyMethodDescriptionList(protocol, isRequiredMethod, isInstanceMethod, &count); + for (unsigned i = 0; i < count; ++i) + callback(methods[i].name, methods[i].types); + free(methods); +} + +inline void forEachPropertyInProtocol(Protocol *protocol, void (^callback)(objc_property_t)) +{ + unsigned count; + objc_property_t* properties = protocol_copyPropertyList(protocol, &count); + for (unsigned i = 0; i < count; ++i) + callback(properties[i]); + free(properties); +} + +template +void skipPair(const char*& position) +{ + size_t count = 1; + do { + char c = *position++; + if (!c) + @throw [NSException exceptionWithName:NSInternalInconsistencyException reason:@"Malformed type encoding" userInfo:nil]; + if (c == open) + ++count; + else if (c == close) + --count; + } while (count); +} + +class StringRange { + WTF_MAKE_NONCOPYABLE(StringRange); +public: + StringRange(const char* begin, const char* end) : m_ptr(strndup(begin, end - begin)) { } + ~StringRange() { free(m_ptr); } + operator const char*() const { return m_ptr; } + const char* get() const { return m_ptr; } + +private: + char* m_ptr; +}; + +class StructBuffer { + WTF_MAKE_NONCOPYABLE(StructBuffer); +public: + StructBuffer(const char* encodedType) + { + NSUInteger size, alignment; + NSGetSizeAndAlignment(encodedType, &size, &alignment); + --alignment; + m_allocation = static_cast(malloc(size + alignment)); + m_buffer = reinterpret_cast((reinterpret_cast(m_allocation) + alignment) & ~alignment); + } + + ~StructBuffer() { free(m_allocation); } + operator void*() const { return m_buffer; } + +private: + void* m_allocation; + void* m_buffer; +}; + +template +typename DelegateType::ResultType parseObjCType(const char*& position) +{ + ASSERT(*position); + + switch (*position++) { + case 'c': + return DelegateType::template typeInteger(); + case 'i': + return DelegateType::template typeInteger(); + case 's': + return DelegateType::template typeInteger(); + case 'l': + return DelegateType::template typeInteger(); + case 'q': + return DelegateType::template typeDouble(); + case 'C': + return DelegateType::template typeInteger(); + case 'I': + return DelegateType::template typeInteger(); + case 'S': + return DelegateType::template typeInteger(); + case 'L': + return DelegateType::template typeInteger(); + case 'Q': + return DelegateType::template typeDouble(); + case 'f': + return DelegateType::template typeDouble(); + case 'd': + return DelegateType::template typeDouble(); + case 'B': + return DelegateType::typeBool(); + case 'v': + return DelegateType::typeVoid(); + + case '@': { // An object (whether statically typed or typed id) + if (position[0] == '?' && position[1] == '<') { + position += 2; + const char* begin = position; + skipPair<'<','>'>(position); + return DelegateType::typeBlock(begin, position - 1); + } + + if (*position == '"') { + const char* begin = ++position; + position = index(position, '"'); + return DelegateType::typeOfClass(begin, position++); + } + + return DelegateType::typeId(); + } + + case '{': { // {name=type...} A structure + const char* begin = position - 1; + skipPair<'{','}'>(position); + return DelegateType::typeStruct(begin, position); + } + + // NOT supporting C strings, arrays, pointers, unions, bitfields, function pointers. + case '*': // A character string (char *) + case '[': // [array type] An array + case '(': // (name=type...) A union + case 'b': // bnum A bit field of num bits + case '^': // ^type A pointer to type + case '?': // An unknown type (among other things, this code is used for function pointers) + // NOT supporting Objective-C Class, SEL + case '#': // A class object (Class) + case ':': // A method selector (SEL) + default: + return nil; + } +} + +extern "C" { + // Forward declare some Objective-C runtime internal methods that are not API. + const char *_protocol_getMethodTypeEncoding(Protocol *, SEL, BOOL isRequiredMethod, BOOL isInstanceMethod); + id objc_initWeak(id *, id); + void objc_destroyWeak(id *); + bool _Block_has_signature(void *); + const char * _Block_signature(void *); +} diff --git a/JavaScriptCore/API/OpaqueJSString.cpp b/JavaScriptCore/API/OpaqueJSString.cpp old mode 100644 new mode 100755 index 9a116e6b..a7cef8d9 --- a/JavaScriptCore/API/OpaqueJSString.cpp +++ b/JavaScriptCore/API/OpaqueJSString.cpp @@ -32,24 +32,32 @@ using namespace JSC; -PassRefPtr OpaqueJSString::create(const UString& ustring) +PassRefPtr OpaqueJSString::create(const String& string) { - if (!ustring.isNull()) - return adoptRef(new OpaqueJSString(ustring.characters(), ustring.length())); + if (!string.isNull()) + return adoptRef(new OpaqueJSString(string)); return 0; } -UString OpaqueJSString::ustring() const +String OpaqueJSString::string() const { - if (this && m_characters) - return UString(m_characters, m_length); - return UString(); + if (!this) + return String(); + + // Return a copy of the wrapped string, because the caller may make it an Identifier. + return m_string.isolatedCopy(); } -Identifier OpaqueJSString::identifier(JSGlobalData* globalData) const +Identifier OpaqueJSString::identifier(VM* vm) const { - if (!this || !m_characters) - return Identifier(globalData, static_cast(0)); + if (!this || m_string.isNull()) + return Identifier(); + + if (m_string.isEmpty()) + return Identifier(Identifier::EmptyIdentifier); + + if (m_string.is8Bit()) + return Identifier(vm, m_string.characters8(), m_string.length()); - return Identifier(globalData, m_characters, m_length); + return Identifier(vm, m_string.characters16(), m_string.length()); } diff --git a/JavaScriptCore/API/OpaqueJSString.h b/JavaScriptCore/API/OpaqueJSString.h old mode 100644 new mode 100755 index 1c63150c..c374b567 --- a/JavaScriptCore/API/OpaqueJSString.h +++ b/JavaScriptCore/API/OpaqueJSString.h @@ -27,11 +27,11 @@ #define OpaqueJSString_h #include -#include +#include namespace JSC { class Identifier; - class JSGlobalData; + class VM; } struct OpaqueJSString : public ThreadSafeRefCounted { @@ -41,42 +41,50 @@ struct OpaqueJSString : public ThreadSafeRefCounted { return adoptRef(new OpaqueJSString); } + static PassRefPtr create(const LChar* characters, unsigned length) + { + return adoptRef(new OpaqueJSString(characters, length)); + } + static PassRefPtr create(const UChar* characters, unsigned length) { return adoptRef(new OpaqueJSString(characters, length)); } - JS_EXPORT_PRIVATE static PassRefPtr create(const JSC::UString&); + JS_EXPORT_PRIVATE static PassRefPtr create(const String&); - UChar* characters() { return this ? m_characters : 0; } - unsigned length() { return this ? m_length : 0; } + const UChar* characters() { return !!this ? m_string.characters() : 0; } + unsigned length() { return !!this ? m_string.length() : 0; } - JSC::UString ustring() const; - JSC::Identifier identifier(JSC::JSGlobalData*) const; + JS_EXPORT_PRIVATE String string() const; + JSC::Identifier identifier(JSC::VM*) const; +#if PLATFORM(QT) + QString qString() const { return m_string; } +#endif private: friend class WTF::ThreadSafeRefCounted; OpaqueJSString() - : m_characters(0) - , m_length(0) { } - OpaqueJSString(const UChar* characters, unsigned length) - : m_length(length) + OpaqueJSString(const String& string) + : m_string(string.isolatedCopy()) { - m_characters = new UChar[length]; - memcpy(m_characters, characters, length * sizeof(UChar)); } - ~OpaqueJSString() + OpaqueJSString(const LChar* characters, unsigned length) + { + m_string = String(characters, length); + } + + OpaqueJSString(const UChar* characters, unsigned length) { - delete[] m_characters; + m_string = String(characters, length); } - UChar* m_characters; - unsigned m_length; + String m_string; }; #endif diff --git a/JavaScriptCore/API/WebKitAvailability.h b/JavaScriptCore/API/WebKitAvailability.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/tests/JSNode.c b/JavaScriptCore/API/tests/JSNode.c old mode 100644 new mode 100755 index 052c88a0..d9a40bea --- a/JavaScriptCore/API/tests/JSNode.c +++ b/JavaScriptCore/API/tests/JSNode.c @@ -30,7 +30,6 @@ #include "JSValueRef.h" #include "Node.h" #include "NodeList.h" -#include #include static JSValueRef JSNode_appendChild(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) diff --git a/JavaScriptCore/API/tests/JSNode.h b/JavaScriptCore/API/tests/JSNode.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/tests/JSNodeList.c b/JavaScriptCore/API/tests/JSNodeList.c old mode 100644 new mode 100755 index 0d194845..61d7041a --- a/JavaScriptCore/API/tests/JSNodeList.c +++ b/JavaScriptCore/API/tests/JSNodeList.c @@ -27,7 +27,6 @@ #include "JSNodeList.h" #include "JSObjectRef.h" #include "JSValueRef.h" -#include #include static JSValueRef JSNodeList_item(JSContextRef context, JSObjectRef object, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) diff --git a/JavaScriptCore/API/tests/JSNodeList.h b/JavaScriptCore/API/tests/JSNodeList.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/tests/Node.c b/JavaScriptCore/API/tests/Node.c old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/tests/Node.h b/JavaScriptCore/API/tests/Node.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/tests/NodeList.c b/JavaScriptCore/API/tests/NodeList.c old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/tests/NodeList.h b/JavaScriptCore/API/tests/NodeList.h old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/tests/minidom.c b/JavaScriptCore/API/tests/minidom.c old mode 100644 new mode 100755 index 43ae2c1a..f4ccf91e --- a/JavaScriptCore/API/tests/minidom.c +++ b/JavaScriptCore/API/tests/minidom.c @@ -31,7 +31,6 @@ #include #include #include -#include static char* createStringWithContentsOfFile(const char* fileName); static JSValueRef print(JSContextRef context, JSObjectRef object, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception); @@ -106,6 +105,7 @@ static char* createStringWithContentsOfFile(const char* fileName) FILE* f = fopen(fileName, "r"); if (!f) { fprintf(stderr, "Could not open file: %s\n", fileName); + free(buffer); return 0; } diff --git a/JavaScriptCore/API/tests/minidom.html b/JavaScriptCore/API/tests/minidom.html old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/tests/minidom.js b/JavaScriptCore/API/tests/minidom.js old mode 100644 new mode 100755 diff --git a/JavaScriptCore/API/tests/testapi.c b/JavaScriptCore/API/tests/testapi.c old mode 100644 new mode 100755 index 91978bbf..a9e9e4da --- a/JavaScriptCore/API/tests/testapi.c +++ b/JavaScriptCore/API/tests/testapi.c @@ -27,10 +27,17 @@ #include "JSBasePrivate.h" #include "JSContextRefPrivate.h" #include "JSObjectRefPrivate.h" +#include "JSScriptRefPrivate.h" +#include "JSStringRefPrivate.h" #include #define ASSERT_DISABLED 0 #include -#include + +#if PLATFORM(MAC) || PLATFORM(IOS) +#include +#include +#include +#endif #if OS(WINDOWS) #include @@ -45,10 +52,19 @@ static double nan(const char*) return std::numeric_limits::quiet_NaN(); } +using std::isinf; +using std::isnan; + #endif +#if JSC_OBJC_API_ENABLED +void testObjectiveCAPI(void); +#endif + +extern void JSSynchronousGarbageCollectForDebugging(JSContextRef); + static JSGlobalContextRef context; -static int failed; +int failed; static void assertEqualsAsBoolean(JSValueRef value, bool expectedValue) { if (JSValueToBoolean(context, value) != expectedValue) { @@ -481,6 +497,11 @@ static bool PropertyCatchalls_setProperty(JSContextRef context, JSObjectRef obje return true; } + if (JSStringIsEqualToUTF8CString(propertyName, "make_throw") || JSStringIsEqualToUTF8CString(propertyName, "0")) { + *exception = JSValueMakeNumber(context, 5); + return true; + } + return false; } @@ -1030,6 +1051,68 @@ static void checkConstnessInJSObjectNames() val.name = "something"; } +#if PLATFORM(MAC) || PLATFORM(IOS) +static double currentCPUTime() +{ + mach_msg_type_number_t infoCount = THREAD_BASIC_INFO_COUNT; + thread_basic_info_data_t info; + + /* Get thread information */ + mach_port_t threadPort = mach_thread_self(); + thread_info(threadPort, THREAD_BASIC_INFO, (thread_info_t)(&info), &infoCount); + mach_port_deallocate(mach_task_self(), threadPort); + + double time = info.user_time.seconds + info.user_time.microseconds / 1000000.; + time += info.system_time.seconds + info.system_time.microseconds / 1000000.; + + return time; +} + +static JSValueRef currentCPUTime_callAsFunction(JSContextRef ctx, JSObjectRef functionObject, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception) +{ + UNUSED_PARAM(functionObject); + UNUSED_PARAM(thisObject); + UNUSED_PARAM(argumentCount); + UNUSED_PARAM(arguments); + UNUSED_PARAM(exception); + + ASSERT(JSContextGetGlobalContext(ctx) == context); + return JSValueMakeNumber(ctx, currentCPUTime()); +} + +bool shouldTerminateCallbackWasCalled = false; +static bool shouldTerminateCallback(JSContextRef ctx, void* context) +{ + UNUSED_PARAM(ctx); + UNUSED_PARAM(context); + shouldTerminateCallbackWasCalled = true; + return true; +} + +bool cancelTerminateCallbackWasCalled = false; +static bool cancelTerminateCallback(JSContextRef ctx, void* context) +{ + UNUSED_PARAM(ctx); + UNUSED_PARAM(context); + cancelTerminateCallbackWasCalled = true; + return false; +} + +int extendTerminateCallbackCalled = 0; +static bool extendTerminateCallback(JSContextRef ctx, void* context) +{ + UNUSED_PARAM(context); + extendTerminateCallbackCalled++; + if (extendTerminateCallbackCalled == 1) { + JSContextGroupRef contextGroup = JSContextGetGroup(ctx); + JSContextGroupSetExecutionTimeLimit(contextGroup, .200f, extendTerminateCallback, 0); + return false; + } + return true; +} +#endif /* PLATFORM(MAC) || PLATFORM(IOS) */ + + int main(int argc, char* argv[]) { #if OS(WINDOWS) @@ -1039,6 +1122,10 @@ int main(int argc, char* argv[]) ::SetErrorMode(0); #endif +#if JSC_OBJC_API_ENABLED + testObjectiveCAPI(); +#endif + const char *scriptPath = "testapi.js"; if (argc > 1) { scriptPath = argv[1]; @@ -1061,6 +1148,8 @@ int main(int argc, char* argv[]) JSClassRef globalObjectClass = JSClassCreate(&globalObjectClassDefinition); context = JSGlobalContextCreateInGroup(NULL, globalObjectClass); + JSContextGroupRef contextGroup = JSContextGetGroup(context); + JSGlobalContextRetain(context); JSGlobalContextRelease(context); ASSERT(JSContextGetGlobalContext(context) == context); @@ -1117,6 +1206,12 @@ int main(int argc, char* argv[]) free(buffer); JSValueRef jsCFEmptyStringWithCharacters = JSValueMakeString(context, jsCFEmptyIStringWithCharacters); + JSChar constantString[] = { 'H', 'e', 'l', 'l', 'o', }; + JSStringRef constantStringRef = JSStringCreateWithCharactersNoCopy(constantString, sizeof(constantString) / sizeof(constantString[0])); + ASSERT(JSStringGetCharactersPtr(constantStringRef) == constantString); + JSStringRelease(constantStringRef); + + ASSERT(JSValueGetType(context, NULL) == kJSTypeNull); ASSERT(JSValueGetType(context, jsUndefined) == kJSTypeUndefined); ASSERT(JSValueGetType(context, jsNull) == kJSTypeNull); ASSERT(JSValueGetType(context, jsTrue) == kJSTypeBoolean); @@ -1131,6 +1226,49 @@ int main(int argc, char* argv[]) ASSERT(JSValueGetType(context, jsCFEmptyString) == kJSTypeString); ASSERT(JSValueGetType(context, jsCFEmptyStringWithCharacters) == kJSTypeString); + ASSERT(!JSValueIsBoolean(context, NULL)); + ASSERT(!JSValueIsObject(context, NULL)); + ASSERT(!JSValueIsString(context, NULL)); + ASSERT(!JSValueIsNumber(context, NULL)); + ASSERT(!JSValueIsUndefined(context, NULL)); + ASSERT(JSValueIsNull(context, NULL)); + ASSERT(!JSObjectCallAsFunction(context, NULL, NULL, 0, NULL, NULL)); + ASSERT(!JSObjectCallAsConstructor(context, NULL, 0, NULL, NULL)); + ASSERT(!JSObjectIsConstructor(context, NULL)); + ASSERT(!JSObjectIsFunction(context, NULL)); + + JSStringRef nullString = JSStringCreateWithUTF8CString(0); + const JSChar* characters = JSStringGetCharactersPtr(nullString); + if (characters) { + printf("FAIL: Didn't return null when accessing character pointer of a null String.\n"); + failed = 1; + } else + printf("PASS: returned null when accessing character pointer of a null String.\n"); + + JSStringRef emptyString = JSStringCreateWithCFString(CFSTR("")); + characters = JSStringGetCharactersPtr(emptyString); + if (!characters) { + printf("FAIL: Returned null when accessing character pointer of an empty String.\n"); + failed = 1; + } else + printf("PASS: returned empty when accessing character pointer of an empty String.\n"); + + size_t length = JSStringGetLength(nullString); + if (length) { + printf("FAIL: Didn't return 0 length for null String.\n"); + failed = 1; + } else + printf("PASS: returned 0 length for null String.\n"); + JSStringRelease(nullString); + + length = JSStringGetLength(emptyString); + if (length) { + printf("FAIL: Didn't return 0 length for empty String.\n"); + failed = 1; + } else + printf("PASS: returned 0 length for empty String.\n"); + JSStringRelease(emptyString); + JSObjectRef propertyCatchalls = JSObjectMake(context, PropertyCatchalls_class(context), NULL); JSStringRef propertyCatchallsString = JSStringCreateWithUTF8CString("PropertyCatchalls"); JSObjectSetProperty(context, globalObject, propertyCatchallsString, propertyCatchalls, kJSPropertyAttributeNone, NULL); @@ -1208,6 +1346,15 @@ int main(int argc, char* argv[]) } else printf("PASS: Retrieved private property.\n"); + JSStringRef nullJSON = JSStringCreateWithUTF8CString(0); + JSValueRef nullJSONObject = JSValueMakeFromJSONString(context, nullJSON); + if (nullJSONObject) { + printf("FAIL: Did not parse null String as JSON correctly\n"); + failed = 1; + } else + printf("PASS: Parsed null String as JSON correctly.\n"); + JSStringRelease(nullJSON); + JSStringRef validJSON = JSStringCreateWithUTF8CString("{\"aProperty\":true}"); JSValueRef jsonObject = JSValueMakeFromJSONString(context, validJSON); JSStringRelease(validJSON); @@ -1374,9 +1521,12 @@ int main(int argc, char* argv[]) JSValueUnprotect(context, jsNumberValue); JSStringRef goodSyntax = JSStringCreateWithUTF8CString("x = 1;"); - JSStringRef badSyntax = JSStringCreateWithUTF8CString("x := 1;"); + const char* badSyntaxConstant = "x := 1;"; + JSStringRef badSyntax = JSStringCreateWithUTF8CString(badSyntaxConstant); ASSERT(JSCheckScriptSyntax(context, goodSyntax, NULL, 0, NULL)); ASSERT(!JSCheckScriptSyntax(context, badSyntax, NULL, 0, NULL)); + ASSERT(!JSScriptCreateFromString(contextGroup, 0, 0, badSyntax, 0, 0)); + ASSERT(!JSScriptCreateReferencingImmortalASCIIText(contextGroup, 0, 0, badSyntaxConstant, strlen(badSyntaxConstant), 0, 0)); JSValueRef result; JSValueRef v; @@ -1565,13 +1715,21 @@ int main(int argc, char* argv[]) v = JSObjectCallAsFunction(context, function, o, 0, NULL, NULL); ASSERT(JSValueIsEqual(context, v, o, NULL)); - JSStringRef script = JSStringCreateWithUTF8CString("this;"); + const char* thisScript = "this;"; + JSStringRef script = JSStringCreateWithUTF8CString(thisScript); v = JSEvaluateScript(context, script, NULL, NULL, 1, NULL); ASSERT(JSValueIsEqual(context, v, globalObject, NULL)); v = JSEvaluateScript(context, script, o, NULL, 1, NULL); ASSERT(JSValueIsEqual(context, v, o, NULL)); JSStringRelease(script); + JSScriptRef scriptObject = JSScriptCreateReferencingImmortalASCIIText(contextGroup, 0, 0, thisScript, strlen(thisScript), 0, 0); + v = JSScriptEvaluate(context, scriptObject, NULL, NULL); + ASSERT(JSValueIsEqual(context, v, globalObject, NULL)); + v = JSScriptEvaluate(context, scriptObject, o, NULL); + ASSERT(JSValueIsEqual(context, v, o, NULL)); + JSScriptRelease(scriptObject); + script = JSStringCreateWithUTF8CString("eval(this);"); v = JSEvaluateScript(context, script, NULL, NULL, 1, NULL); ASSERT(JSValueIsEqual(context, v, globalObject, NULL)); @@ -1591,8 +1749,23 @@ int main(int argc, char* argv[]) printf("FAIL: Test script could not be loaded.\n"); failed = 1; } else { - script = JSStringCreateWithUTF8CString(scriptUTF8); - result = JSEvaluateScript(context, script, NULL, NULL, 1, &exception); + JSStringRef url = JSStringCreateWithUTF8CString(scriptPath); + JSStringRef script = JSStringCreateWithUTF8CString(scriptUTF8); + JSStringRef errorMessage = 0; + int errorLine = 0; + JSScriptRef scriptObject = JSScriptCreateFromString(contextGroup, url, 1, script, &errorMessage, &errorLine); + ASSERT((!scriptObject) != (!errorMessage)); + if (!scriptObject) { + printf("FAIL: Test script did not parse\n\t%s:%d\n\t", scriptPath, errorLine); + CFStringRef errorCF = JSStringCopyCFString(kCFAllocatorDefault, errorMessage); + CFShow(errorCF); + CFRelease(errorCF); + JSStringRelease(errorMessage); + failed = 1; + } + + JSStringRelease(script); + result = scriptObject ? JSScriptEvaluate(context, scriptObject, 0, &exception) : 0; if (result && JSValueIsUndefined(context, result)) printf("PASS: Test script executed successfully.\n"); else { @@ -1604,10 +1777,163 @@ int main(int argc, char* argv[]) JSStringRelease(exceptionIString); failed = 1; } - JSStringRelease(script); + JSScriptRelease(scriptObject); free(scriptUTF8); } +#if PLATFORM(MAC) || PLATFORM(IOS) + JSStringRef currentCPUTimeStr = JSStringCreateWithUTF8CString("currentCPUTime"); + JSObjectRef currentCPUTimeFunction = JSObjectMakeFunctionWithCallback(context, currentCPUTimeStr, currentCPUTime_callAsFunction); + JSObjectSetProperty(context, globalObject, currentCPUTimeStr, currentCPUTimeFunction, kJSPropertyAttributeNone, NULL); + JSStringRelease(currentCPUTimeStr); + + /* Test script timeout: */ + JSContextGroupSetExecutionTimeLimit(contextGroup, .10f, shouldTerminateCallback, 0); + { + const char* loopForeverScript = "var startTime = currentCPUTime(); while (true) { if (currentCPUTime() - startTime > .150) break; } "; + JSStringRef script = JSStringCreateWithUTF8CString(loopForeverScript); + double startTime; + double endTime; + exception = NULL; + shouldTerminateCallbackWasCalled = false; + startTime = currentCPUTime(); + v = JSEvaluateScript(context, script, NULL, NULL, 1, &exception); + endTime = currentCPUTime(); + + if (((endTime - startTime) < .150f) && shouldTerminateCallbackWasCalled) + printf("PASS: script timed out as expected.\n"); + else { + if (!((endTime - startTime) < .150f)) + printf("FAIL: script did not timed out as expected.\n"); + if (!shouldTerminateCallbackWasCalled) + printf("FAIL: script timeout callback was not called.\n"); + failed = true; + } + + if (!exception) { + printf("FAIL: TerminatedExecutionException was not thrown.\n"); + failed = true; + } + } + + /* Test the script timeout's TerminatedExecutionException should NOT be catchable: */ + JSContextGroupSetExecutionTimeLimit(contextGroup, 0.10f, shouldTerminateCallback, 0); + { + const char* loopForeverScript = "var startTime = currentCPUTime(); try { while (true) { if (currentCPUTime() - startTime > .150) break; } } catch(e) { }"; + JSStringRef script = JSStringCreateWithUTF8CString(loopForeverScript); + double startTime; + double endTime; + exception = NULL; + shouldTerminateCallbackWasCalled = false; + startTime = currentCPUTime(); + v = JSEvaluateScript(context, script, NULL, NULL, 1, &exception); + endTime = currentCPUTime(); + + if (((endTime - startTime) >= .150f) || !shouldTerminateCallbackWasCalled) { + if (!((endTime - startTime) < .150f)) + printf("FAIL: script did not timed out as expected.\n"); + if (!shouldTerminateCallbackWasCalled) + printf("FAIL: script timeout callback was not called.\n"); + failed = true; + } + + if (exception) + printf("PASS: TerminatedExecutionException was not catchable as expected.\n"); + else { + printf("FAIL: TerminatedExecutionException was caught.\n"); + failed = true; + } + } + + /* Test script timeout with no callback: */ + JSContextGroupSetExecutionTimeLimit(contextGroup, .10f, 0, 0); + { + const char* loopForeverScript = "var startTime = currentCPUTime(); while (true) { if (currentCPUTime() - startTime > .150) break; } "; + JSStringRef script = JSStringCreateWithUTF8CString(loopForeverScript); + double startTime; + double endTime; + exception = NULL; + startTime = currentCPUTime(); + v = JSEvaluateScript(context, script, NULL, NULL, 1, &exception); + endTime = currentCPUTime(); + + if (((endTime - startTime) < .150f) && shouldTerminateCallbackWasCalled) + printf("PASS: script timed out as expected when no callback is specified.\n"); + else { + if (!((endTime - startTime) < .150f)) + printf("FAIL: script did not timed out as expected when no callback is specified.\n"); + failed = true; + } + + if (!exception) { + printf("FAIL: TerminatedExecutionException was not thrown.\n"); + failed = true; + } + } + + /* Test script timeout cancellation: */ + JSContextGroupSetExecutionTimeLimit(contextGroup, 0.10f, cancelTerminateCallback, 0); + { + const char* loopForeverScript = "var startTime = currentCPUTime(); while (true) { if (currentCPUTime() - startTime > .150) break; } "; + JSStringRef script = JSStringCreateWithUTF8CString(loopForeverScript); + double startTime; + double endTime; + exception = NULL; + startTime = currentCPUTime(); + v = JSEvaluateScript(context, script, NULL, NULL, 1, &exception); + endTime = currentCPUTime(); + + if (((endTime - startTime) >= .150f) && cancelTerminateCallbackWasCalled && !exception) + printf("PASS: script timeout was cancelled as expected.\n"); + else { + if (((endTime - startTime) < .150) || exception) + printf("FAIL: script timeout was not cancelled.\n"); + if (!cancelTerminateCallbackWasCalled) + printf("FAIL: script timeout callback was not called.\n"); + failed = true; + } + + if (exception) { + printf("FAIL: Unexpected TerminatedExecutionException thrown.\n"); + failed = true; + } + } + + /* Test script timeout extension: */ + JSContextGroupSetExecutionTimeLimit(contextGroup, 0.100f, extendTerminateCallback, 0); + { + const char* loopForeverScript = "var startTime = currentCPUTime(); while (true) { if (currentCPUTime() - startTime > .500) break; } "; + JSStringRef script = JSStringCreateWithUTF8CString(loopForeverScript); + double startTime; + double endTime; + double deltaTime; + exception = NULL; + startTime = currentCPUTime(); + v = JSEvaluateScript(context, script, NULL, NULL, 1, &exception); + endTime = currentCPUTime(); + deltaTime = endTime - startTime; + + if ((deltaTime >= .300f) && (deltaTime < .500f) && (extendTerminateCallbackCalled == 2) && exception) + printf("PASS: script timeout was extended as expected.\n"); + else { + if (deltaTime < .200f) + printf("FAIL: script timeout was not extended as expected.\n"); + else if (deltaTime >= .500f) + printf("FAIL: script did not timeout.\n"); + + if (extendTerminateCallbackCalled < 1) + printf("FAIL: script timeout callback was not called.\n"); + if (extendTerminateCallbackCalled < 2) + printf("FAIL: script timeout callback was not called after timeout extension.\n"); + + if (!exception) + printf("FAIL: TerminatedExecutionException was not thrown during timeout extension test.\n"); + + failed = true; + } + } +#endif /* PLATFORM(MAC) || PLATFORM(IOS) */ + // Clear out local variables pointing at JSObjectRefs to allow their values to be collected function = NULL; v = NULL; @@ -1670,6 +1996,7 @@ static char* createStringWithContentsOfFile(const char* fileName) FILE* f = fopen(fileName, "r"); if (!f) { fprintf(stderr, "Could not open file: %s\n", fileName); + free(buffer); return 0; } diff --git a/JavaScriptCore/API/tests/testapi.js b/JavaScriptCore/API/tests/testapi.js old mode 100644 new mode 100755 index 28fa5443..47c20a83 --- a/JavaScriptCore/API/tests/testapi.js +++ b/JavaScriptCore/API/tests/testapi.js @@ -262,6 +262,10 @@ shouldBe("PropertyCatchalls.x", 4); for (var i = 0; i < 6; ++i) var x = PropertyCatchalls.x; shouldBe("x", null); +var make_throw = 'make_throw'; +shouldThrow("PropertyCatchalls[make_throw]=1"); +make_throw = 0; +shouldThrow("PropertyCatchalls[make_throw]=1"); for (var i = 0; i < 10; ++i) { for (var p in PropertyCatchalls) { diff --git a/JavaScriptCore/API/tests/testapi.mm b/JavaScriptCore/API/tests/testapi.mm new file mode 100755 index 00000000..defb46e7 --- /dev/null +++ b/JavaScriptCore/API/tests/testapi.mm @@ -0,0 +1,841 @@ +/* + * Copyright (C) 2013 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#import + +extern "C" void JSSynchronousGarbageCollectForDebugging(JSContextRef); + +extern "C" bool _Block_has_signature(id); +extern "C" const char * _Block_signature(id); + +extern int failed; +extern "C" void testObjectiveCAPI(void); + +#if JSC_OBJC_API_ENABLED + +@protocol ParentObject +@end + +@interface ParentObject : NSObject ++ (NSString *)parentTest; +@end + +@implementation ParentObject ++ (NSString *)parentTest +{ + return [self description]; +} +@end + +@protocol TestObject +@property int variable; +@property (readonly) int six; +@property CGPoint point; ++ (NSString *)classTest; ++ (NSString *)parentTest; +- (NSString *)getString; +JSExportAs(testArgumentTypes, +- (NSString *)testArgumentTypesWithInt:(int)i double:(double)d boolean:(BOOL)b string:(NSString *)s number:(NSNumber *)n array:(NSArray *)a dictionary:(NSDictionary *)o +); +- (void)callback:(JSValue *)function; +- (void)bogusCallback:(void(^)(int))function; +@end + +@interface TestObject : ParentObject +@property int six; ++ (id)testObject; +@end + +@implementation TestObject +@synthesize variable; +@synthesize six; +@synthesize point; ++ (id)testObject +{ + return [[TestObject alloc] init]; +} ++ (NSString *)classTest +{ + return @"classTest - okay"; +} +- (NSString *)getString +{ + return @"42"; +} +- (NSString *)testArgumentTypesWithInt:(int)i double:(double)d boolean:(BOOL)b string:(NSString *)s number:(NSNumber *)n array:(NSArray *)a dictionary:(NSDictionary *)o +{ + return [NSString stringWithFormat:@"%d,%g,%d,%@,%d,%@,%@", i, d, b==YES?true:false,s,[n intValue],a[1],o[@"x"]]; +} +- (void)callback:(JSValue *)function +{ + [function callWithArguments:[NSArray arrayWithObject:[NSNumber numberWithInt:42]]]; +} +- (void)bogusCallback:(void(^)(int))function +{ + function(42); +} +@end + +bool testXYZTested = false; + +@protocol TextXYZ +@property int x; +@property (readonly) int y; +@property (assign) JSValue *onclick; +@property (assign) JSValue *weakOnclick; +- (void)test:(NSString *)message; +@end + +@interface TextXYZ : NSObject +@property int x; +@property int y; +@property int z; +- (void)click; +@end + +@implementation TextXYZ { + JSManagedValue *m_weakOnclickHandler; + JSManagedValue *m_onclickHandler; +} +@synthesize x; +@synthesize y; +@synthesize z; +- (void)test:(NSString *)message +{ + testXYZTested = [message isEqual:@"test"] && x == 13 & y == 4 && z == 5; +} +- (void)setWeakOnclick:(JSValue *)value +{ + m_weakOnclickHandler = [JSManagedValue managedValueWithValue:value]; +} + +- (void)setOnclick:(JSValue *)value +{ + m_onclickHandler = [JSManagedValue managedValueWithValue:value]; + [value.context.virtualMachine addManagedReference:m_onclickHandler withOwner:self]; +} +- (JSValue *)weakOnclick +{ + return [m_weakOnclickHandler value]; +} +- (JSValue *)onclick +{ + return [m_onclickHandler value]; +} +- (void)click +{ + if (!m_onclickHandler) + return; + + JSValue *function = [m_onclickHandler value]; + [function callWithArguments:[NSArray array]]; +} +- (void)dealloc +{ + [[m_onclickHandler value].context.virtualMachine removeManagedReference:m_onclickHandler withOwner:self]; +} +@end + +@class TinyDOMNode; + +@protocol TinyDOMNode +- (void)appendChild:(TinyDOMNode *)child; +- (NSUInteger)numberOfChildren; +- (TinyDOMNode *)childAtIndex:(NSUInteger)index; +- (void)removeChildAtIndex:(NSUInteger)index; +@end + +@interface TinyDOMNode : NSObject ++ (JSVirtualMachine *)sharedVirtualMachine; ++ (void)clearSharedVirtualMachine; +@end + +@implementation TinyDOMNode { + NSMutableArray *m_children; +} + +static JSVirtualMachine *sharedInstance = nil; + ++ (JSVirtualMachine *)sharedVirtualMachine +{ + if (!sharedInstance) + sharedInstance = [[JSVirtualMachine alloc] init]; + return sharedInstance; +} + ++ (void)clearSharedVirtualMachine +{ + sharedInstance = nil; +} + +- (id)init +{ + self = [super init]; + if (!self) + return nil; + + m_children = [[NSMutableArray alloc] initWithCapacity:0]; + + return self; +} + +- (void)dealloc +{ + NSEnumerator *enumerator = [m_children objectEnumerator]; + id nextChild; + while ((nextChild = [enumerator nextObject])) + [[TinyDOMNode sharedVirtualMachine] removeManagedReference:nextChild withOwner:self]; + +#if !__has_feature(objc_arc) + [super dealloc]; +#endif +} + +- (void)appendChild:(TinyDOMNode *)child +{ + [[TinyDOMNode sharedVirtualMachine] addManagedReference:child withOwner:self]; + [m_children addObject:child]; +} + +- (NSUInteger)numberOfChildren +{ + return [m_children count]; +} + +- (TinyDOMNode *)childAtIndex:(NSUInteger)index +{ + if (index >= [m_children count]) + return nil; + return [m_children objectAtIndex:index]; +} + +- (void)removeChildAtIndex:(NSUInteger)index +{ + if (index >= [m_children count]) + return; + [[TinyDOMNode sharedVirtualMachine] removeManagedReference:[m_children objectAtIndex:index] withOwner:self]; + [m_children removeObjectAtIndex:index]; +} + +@end + +static void checkResult(NSString *description, bool passed) +{ + NSLog(@"TEST: \"%@\": %@", description, passed ? @"PASSED" : @"FAILED"); + if (!passed) + failed = 1; +} + +static bool blockSignatureContainsClass() +{ + static bool containsClass = ^{ + id block = ^(NSString *string){ return string; }; + return _Block_has_signature(block) && strstr(_Block_signature(block), "NSString"); + }(); + return containsClass; +} + +void testObjectiveCAPI() +{ + NSLog(@"Testing Objective-C API"); + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + JSValue *result = [context evaluateScript:@"2 + 2"]; + checkResult(@"2 + 2", [result isNumber] && [result toInt32] == 4); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + NSString *result = [NSString stringWithFormat:@"Two plus two is %@", [context evaluateScript:@"2 + 2"]]; + checkResult(@"stringWithFormat", [result isEqual:@"Two plus two is 4"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"message"] = @"Hello"; + JSValue *result = [context evaluateScript:@"message + ', World!'"]; + checkResult(@"Hello, World!", [result isString] && [result isEqualToObject:@"Hello, World!"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + JSValue *result = [context evaluateScript:@"({ x:42 })"]; + checkResult(@"({ x:42 })", [result isObject] && [result[@"x"] isEqualToObject:@42]); + id obj = [result toObject]; + checkResult(@"Check dictionary literal", [obj isKindOfClass:[NSDictionary class]]); + id num = (NSDictionary *)obj[@"x"]; + checkResult(@"Check numeric literal", [num isKindOfClass:[NSNumber class]]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + __block int result; + context[@"blockCallback"] = ^(int value){ + result = value; + }; + [context evaluateScript:@"blockCallback(42)"]; + checkResult(@"blockCallback", result == 42); + } + + if (blockSignatureContainsClass()) { + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + __block bool result = false; + context[@"blockCallback"] = ^(NSString *value){ + result = [@"42" isEqualToString:value] == YES; + }; + [context evaluateScript:@"blockCallback(42)"]; + checkResult(@"blockCallback(NSString *)", result); + } + } else + NSLog(@"Skipping 'blockCallback(NSString *)' test case"); + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + checkResult(@"!context.exception", !context.exception); + [context evaluateScript:@"!@#$%^&*() THIS IS NOT VALID JAVASCRIPT SYNTAX !@#$%^&*()"]; + checkResult(@"context.exception", context.exception); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + __block bool caught = false; + context.exceptionHandler = ^(JSContext *context, JSValue *exception) { + (void)context; + (void)exception; + caught = true; + }; + [context evaluateScript:@"!@#$%^&*() THIS IS NOT VALID JAVASCRIPT SYNTAX !@#$%^&*()"]; + checkResult(@"JSContext.exceptionHandler", caught); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"callback"] = ^{ + JSContext *context = [JSContext currentContext]; + context.exception = [JSValue valueWithNewErrorFromMessage:@"Something went wrong." inContext:context]; + }; + JSValue *result = [context evaluateScript:@"var result; try { callback(); } catch (e) { result = 'Caught exception'; }"]; + checkResult(@"Explicit throw in callback - was caught by JavaScript", [result isEqualToObject:@"Caught exception"]); + checkResult(@"Explicit throw in callback - not thrown to Objective-C", !context.exception); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"callback"] = ^{ + JSContext *context = [JSContext currentContext]; + [context evaluateScript:@"!@#$%^&*() THIS IS NOT VALID JAVASCRIPT SYNTAX !@#$%^&*()"]; + }; + JSValue *result = [context evaluateScript:@"var result; try { callback(); } catch (e) { result = 'Caught exception'; }"]; + checkResult(@"Implicit throw in callback - was caught by JavaScript", [result isEqualToObject:@"Caught exception"]); + checkResult(@"Implicit throw in callback - not thrown to Objective-C", !context.exception); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + [context evaluateScript: + @"function sum(array) { \ + var result = 0; \ + for (var i in array) \ + result += array[i]; \ + return result; \ + }"]; + JSValue *array = [JSValue valueWithObject:@[@13, @2, @7] inContext:context]; + JSValue *sumFunction = context[@"sum"]; + JSValue *result = [sumFunction callWithArguments:@[ array ]]; + checkResult(@"sum([13, 2, 7])", [result toInt32] == 22); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + JSValue *mulAddFunction = [context evaluateScript: + @"(function(array, object) { \ + var result = []; \ + for (var i in array) \ + result.push(array[i] * object.x + object.y); \ + return result; \ + })"]; + JSValue *result = [mulAddFunction callWithArguments:@[ @[ @2, @4, @8 ], @{ @"x":@0.5, @"y":@42 } ]]; + checkResult(@"mulAddFunction", [result isObject] && [[result toString] isEqual:@"43,44,46"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + JSValue *array = [JSValue valueWithNewArrayInContext:context]; + checkResult(@"arrayLengthEmpty", [[array[@"length"] toNumber] unsignedIntegerValue] == 0); + JSValue *value1 = [JSValue valueWithInt32:42 inContext:context]; + JSValue *value2 = [JSValue valueWithInt32:24 inContext:context]; + NSUInteger lowIndex = 5; + NSUInteger maxLength = UINT_MAX; + + [array setValue:value1 atIndex:lowIndex]; + checkResult(@"array.length after put to low index", [[array[@"length"] toNumber] unsignedIntegerValue] == (lowIndex + 1)); + + [array setValue:value1 atIndex:(maxLength - 1)]; + checkResult(@"array.length after put to maxLength - 1", [[array[@"length"] toNumber] unsignedIntegerValue] == maxLength); + + [array setValue:value2 atIndex:maxLength]; + checkResult(@"array.length after put to maxLength", [[array[@"length"] toNumber] unsignedIntegerValue] == maxLength); + + [array setValue:value2 atIndex:(maxLength + 1)]; + checkResult(@"array.length after put to maxLength + 1", [[array[@"length"] toNumber] unsignedIntegerValue] == maxLength); + + checkResult(@"valueAtIndex:0 is undefined", [[array valueAtIndex:0] isUndefined]); + checkResult(@"valueAtIndex:lowIndex", [[array valueAtIndex:lowIndex] toInt32] == 42); + checkResult(@"valueAtIndex:maxLength - 1", [[array valueAtIndex:(maxLength - 1)] toInt32] == 42); + checkResult(@"valueAtIndex:maxLength", [[array valueAtIndex:maxLength] toInt32] == 24); + checkResult(@"valueAtIndex:maxLength + 1", [[array valueAtIndex:(maxLength + 1)] toInt32] == 24); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + JSValue *object = [JSValue valueWithNewObjectInContext:context]; + + object[@"point"] = @{ @"x":@1, @"y":@2 }; + object[@"point"][@"x"] = @3; + CGPoint point = [object[@"point"] toPoint]; + checkResult(@"toPoint", point.x == 3 && point.y == 2); + + object[@{ @"toString":^{ return @"foo"; } }] = @"bar"; + checkResult(@"toString in object literal used as subscript", [[object[@"foo"] toString] isEqual:@"bar"]); + + object[[@"foobar" substringToIndex:3]] = @"bar"; + checkResult(@"substring used as subscript", [[object[@"foo"] toString] isEqual:@"bar"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TextXYZ *testXYZ = [[TextXYZ alloc] init]; + context[@"testXYZ"] = testXYZ; + testXYZ.x = 3; + testXYZ.y = 4; + testXYZ.z = 5; + [context evaluateScript:@"testXYZ.x = 13; testXYZ.y = 14;"]; + [context evaluateScript:@"testXYZ.test('test')"]; + checkResult(@"TextXYZ - testXYZTested", testXYZTested); + JSValue *result = [context evaluateScript:@"testXYZ.x + ',' + testXYZ.y + ',' + testXYZ.z"]; + checkResult(@"TextXYZ - result", [result isEqualToObject:@"13,4,undefined"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + [context[@"Object"][@"prototype"] defineProperty:@"getterProperty" descriptor:@{ + JSPropertyDescriptorGetKey:^{ + return [JSContext currentThis][@"x"]; + } + }]; + JSValue *object = [JSValue valueWithObject:@{ @"x":@101 } inContext:context]; + int result = [object [@"getterProperty"] toInt32]; + checkResult(@"getterProperty", result == 101); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"concatenate"] = ^{ + NSArray *arguments = [JSContext currentArguments]; + if (![arguments count]) + return @""; + NSString *message = [arguments[0] description]; + for (NSUInteger index = 1; index < [arguments count]; ++index) + message = [NSString stringWithFormat:@"%@ %@", message, arguments[index]]; + return message; + }; + JSValue *result = [context evaluateScript:@"concatenate('Hello,', 'World!')"]; + checkResult(@"concatenate", [result isEqualToObject:@"Hello, World!"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"foo"] = @YES; + checkResult(@"@YES is boolean", [context[@"foo"] isBoolean]); + JSValue *result = [context evaluateScript:@"typeof foo"]; + checkResult(@"@YES is boolean", [result isEqualToObject:@"boolean"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + JSValue *result = [context evaluateScript:@"String(testObject)"]; + checkResult(@"String(testObject)", [result isEqualToObject:@"[object TestObject]"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + JSValue *result = [context evaluateScript:@"String(testObject.__proto__)"]; + checkResult(@"String(testObject.__proto__)", [result isEqualToObject:@"[object TestObjectPrototype]"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"TestObject"] = [TestObject class]; + JSValue *result = [context evaluateScript:@"String(TestObject)"]; + checkResult(@"String(TestObject)", [result isEqualToObject:@"[object TestObjectConstructor]"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + JSValue* value = [JSValue valueWithObject:[TestObject class] inContext:context]; + checkResult(@"[value toObject] == [TestObject class]", [value toObject] == [TestObject class]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"TestObject"] = [TestObject class]; + JSValue *result = [context evaluateScript:@"TestObject.parentTest()"]; + checkResult(@"TestObject.parentTest()", [result isEqualToObject:@"TestObject"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + context[@"testObjectA"] = testObject; + context[@"testObjectB"] = testObject; + JSValue *result = [context evaluateScript:@"testObjectA == testObjectB"]; + checkResult(@"testObjectA == testObjectB", [result isBoolean] && [result toBool]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + testObject.point = (CGPoint){3,4}; + JSValue *result = [context evaluateScript:@"var result = JSON.stringify(testObject.point); testObject.point = {x:12,y:14}; result"]; + checkResult(@"testObject.point - result", [result isEqualToObject:@"{\"x\":3,\"y\":4}"]); + checkResult(@"testObject.point - {x:12,y:14}", testObject.point.x == 12 && testObject.point.y == 14); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + testObject.six = 6; + context[@"testObject"] = testObject; + context[@"mul"] = ^(int x, int y){ return x * y; }; + JSValue *result = [context evaluateScript:@"mul(testObject.six, 7)"]; + checkResult(@"mul(testObject.six, 7)", [result isNumber] && [result toInt32] == 42); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + context[@"testObject"][@"variable"] = @4; + [context evaluateScript:@"++testObject.variable"]; + checkResult(@"++testObject.variable", testObject.variable == 5); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"point"] = @{ @"x":@6, @"y":@7 }; + JSValue *result = [context evaluateScript:@"point.x + ',' + point.y"]; + checkResult(@"point.x + ',' + point.y", [result isEqualToObject:@"6,7"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"point"] = @{ @"x":@6, @"y":@7 }; + JSValue *result = [context evaluateScript:@"point.x + ',' + point.y"]; + checkResult(@"point.x + ',' + point.y", [result isEqualToObject:@"6,7"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + JSValue *result = [context evaluateScript:@"testObject.getString()"]; + checkResult(@"testObject.getString()", [result isString] && [result toInt32] == 42); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + JSValue *result = [context evaluateScript:@"testObject.testArgumentTypes(101,0.5,true,'foo',666,[false,'bar',false],{x:'baz'})"]; + checkResult(@"testObject.testArgumentTypes", [result isEqualToObject:@"101,0.5,1,foo,666,bar,baz"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + JSValue *result = [context evaluateScript:@"testObject.getString.call(testObject)"]; + checkResult(@"testObject.getString.call(testObject)", [result isString] && [result toInt32] == 42); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + checkResult(@"testObject.getString.call({}) pre", !context.exception); + [context evaluateScript:@"testObject.getString.call({})"]; + checkResult(@"testObject.getString.call({}) post", context.exception); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject* testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + JSValue *result = [context evaluateScript:@"var result = 0; testObject.callback(function(x){ result = x; }); result"]; + checkResult(@"testObject.callback", [result isNumber] && [result toInt32] == 42); + result = [context evaluateScript:@"testObject.bogusCallback"]; + checkResult(@"testObject.bogusCallback == undefined", [result isUndefined]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject *testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + JSValue *result = [context evaluateScript:@"Function.prototype.toString.call(testObject.callback)"]; + checkResult(@"Function.prototype.toString", !context.exception && ![result isUndefined]); + } + + @autoreleasepool { + JSContext *context1 = [[JSContext alloc] init]; + JSContext *context2 = [[JSContext alloc] initWithVirtualMachine:context1.virtualMachine]; + JSValue *value = [JSValue valueWithDouble:42 inContext:context2]; + context1[@"passValueBetweenContexts"] = value; + JSValue *result = [context1 evaluateScript:@"passValueBetweenContexts"]; + checkResult(@"[value isEqualToObject:result]", [value isEqualToObject:result]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"handleTheDictionary"] = ^(NSDictionary *dict) { + NSDictionary *expectedDict = @{ + @"foo" : [NSNumber numberWithInt:1], + @"bar" : @{ + @"baz": [NSNumber numberWithInt:2] + } + }; + checkResult(@"recursively convert nested dictionaries", [dict isEqualToDictionary:expectedDict]); + }; + [context evaluateScript:@"var myDict = { \ + 'foo': 1, \ + 'bar': {'baz': 2} \ + }; \ + handleTheDictionary(myDict);"]; + + context[@"handleTheArray"] = ^(NSArray *array) { + NSArray *expectedArray = @[@"foo", @"bar", @[@"baz"]]; + checkResult(@"recursively convert nested arrays", [array isEqualToArray:expectedArray]); + }; + [context evaluateScript:@"var myArray = ['foo', 'bar', ['baz']]; handleTheArray(myArray);"]; + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject *testObject = [TestObject testObject]; + @autoreleasepool { + context[@"testObject"] = testObject; + [context evaluateScript:@"var constructor = Object.getPrototypeOf(testObject).constructor; constructor.prototype = undefined;"]; + [context evaluateScript:@"testObject = undefined"]; + } + + JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]); + + @autoreleasepool { + context[@"testObject"] = testObject; + } + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TextXYZ *testXYZ = [[TextXYZ alloc] init]; + + @autoreleasepool { + context[@"testXYZ"] = testXYZ; + + [context evaluateScript:@" \ + didClick = false; \ + testXYZ.onclick = function() { \ + didClick = true; \ + }; \ + \ + testXYZ.weakOnclick = function() { \ + return 'foo'; \ + }; \ + "]; + } + + @autoreleasepool { + [testXYZ click]; + JSValue *result = [context evaluateScript:@"didClick"]; + checkResult(@"Event handler onclick", [result toBool]); + } + + JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]); + + @autoreleasepool { + JSValue *result = [context evaluateScript:@"testXYZ.onclick"]; + checkResult(@"onclick still around after GC", !([result isNull] || [result isUndefined])); + } + + + @autoreleasepool { + JSValue *result = [context evaluateScript:@"testXYZ.weakOnclick"]; + checkResult(@"weakOnclick not around after GC", [result isNull] || [result isUndefined]); + } + + @autoreleasepool { + [context evaluateScript:@" \ + didClick = false; \ + testXYZ = null; \ + "]; + } + + JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]); + + @autoreleasepool { + [testXYZ click]; + JSValue *result = [context evaluateScript:@"didClick"]; + checkResult(@"Event handler onclick doesn't fire", ![result toBool]); + } + } + + @autoreleasepool { + JSVirtualMachine *vm = [[JSVirtualMachine alloc] init]; + TestObject *testObject = [TestObject testObject]; + JSManagedValue *weakValue; + @autoreleasepool { + JSContext *context = [[JSContext alloc] initWithVirtualMachine:vm]; + context[@"testObject"] = testObject; + weakValue = [[JSManagedValue alloc] initWithValue:context[@"testObject"]]; + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] initWithVirtualMachine:vm]; + context[@"testObject"] = testObject; + JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]); + checkResult(@"weak value == nil", ![weakValue value]); + checkResult(@"root is still alive", ![context[@"testObject"] isUndefined]); + } + } + + @autoreleasepool { + JSVirtualMachine *vm = [TinyDOMNode sharedVirtualMachine]; + JSContext *context = [[JSContext alloc] initWithVirtualMachine:vm]; + TinyDOMNode *root = [[TinyDOMNode alloc] init]; + TinyDOMNode *lastNode = root; + for (NSUInteger i = 0; i < 3; i++) { + TinyDOMNode *newNode = [[TinyDOMNode alloc] init]; + [lastNode appendChild:newNode]; + lastNode = newNode; + } + + @autoreleasepool { + context[@"root"] = root; + context[@"getLastNodeInChain"] = ^(TinyDOMNode *head){ + TinyDOMNode *lastNode = nil; + while (head) { + lastNode = head; + head = [lastNode childAtIndex:0]; + } + return lastNode; + }; + [context evaluateScript:@"getLastNodeInChain(root).myCustomProperty = 42;"]; + } + + JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]); + + JSValue *myCustomProperty = [context evaluateScript:@"getLastNodeInChain(root).myCustomProperty"]; + checkResult(@"My custom property == 42", [myCustomProperty isNumber] && [myCustomProperty toInt32] == 42); + + [TinyDOMNode clearSharedVirtualMachine]; + } + + @autoreleasepool { + JSVirtualMachine *vm = [TinyDOMNode sharedVirtualMachine]; + JSContext *context = [[JSContext alloc] initWithVirtualMachine:vm]; + TinyDOMNode *root = [[TinyDOMNode alloc] init]; + TinyDOMNode *lastNode = root; + for (NSUInteger i = 0; i < 3; i++) { + TinyDOMNode *newNode = [[TinyDOMNode alloc] init]; + [lastNode appendChild:newNode]; + lastNode = newNode; + } + + @autoreleasepool { + context[@"root"] = root; + context[@"getLastNodeInChain"] = ^(TinyDOMNode *head){ + TinyDOMNode *lastNode = nil; + while (head) { + lastNode = head; + head = [lastNode childAtIndex:0]; + } + return lastNode; + }; + [context evaluateScript:@"getLastNodeInChain(root).myCustomProperty = 42;"]; + + [root appendChild:[root childAtIndex:0]]; + [root removeChildAtIndex:0]; + } + + JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]); + + JSValue *myCustomProperty = [context evaluateScript:@"getLastNodeInChain(root).myCustomProperty"]; + checkResult(@"duplicate calls to addManagedReference don't cause things to die", [myCustomProperty isNumber] && [myCustomProperty toInt32] == 42); + + [TinyDOMNode clearSharedVirtualMachine]; + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + JSValue *o = [JSValue valueWithNewObjectInContext:context]; + o[@"foo"] = @"foo"; + JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]); + + checkResult(@"JSValue correctly protected its internal value", [[o[@"foo"] toString] isEqualToString:@"foo"]); + } + + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + TestObject *testObject = [TestObject testObject]; + context[@"testObject"] = testObject; + [context evaluateScript:@"testObject.__lookupGetter__('variable').call({})"]; + checkResult(@"Make sure we throw an exception when calling getter on incorrect |this|", context.exception); + } + + @autoreleasepool { + TestObject *testObject = [TestObject testObject]; + JSManagedValue *managedTestObject; + @autoreleasepool { + JSContext *context = [[JSContext alloc] init]; + context[@"testObject"] = testObject; + managedTestObject = [JSManagedValue managedValueWithValue:context[@"testObject"]]; + [context.virtualMachine addManagedReference:managedTestObject withOwner:testObject]; + } + } +} + +#else + +void testObjectiveCAPI() +{ +} + +#endif diff --git a/JavaScriptCore/AUTHORS b/JavaScriptCore/AUTHORS old mode 100644 new mode 100755 diff --git a/JavaScriptCore/AllInOneFile.cpp b/JavaScriptCore/AllInOneFile.cpp old mode 100644 new mode 100755 diff --git a/JavaScriptCore/CMakeLists.txt b/JavaScriptCore/CMakeLists.txt old mode 100644 new mode 100755 index bf48f970..178db819 --- a/JavaScriptCore/CMakeLists.txt +++ b/JavaScriptCore/CMakeLists.txt @@ -1,4 +1,4 @@ -SET(JavaScriptCore_INCLUDE_DIRECTORIES +set(JavaScriptCore_INCLUDE_DIRECTORIES "${CMAKE_BINARY_DIR}" "${JAVASCRIPTCORE_DIR}" "${JAVASCRIPTCORE_DIR}/API" @@ -7,6 +7,8 @@ SET(JavaScriptCore_INCLUDE_DIRECTORIES "${JAVASCRIPTCORE_DIR}/bytecode" "${JAVASCRIPTCORE_DIR}/bytecompiler" "${JAVASCRIPTCORE_DIR}/dfg" + "${JAVASCRIPTCORE_DIR}/disassembler" + "${JAVASCRIPTCORE_DIR}/ftl" "${JAVASCRIPTCORE_DIR}/heap" "${JAVASCRIPTCORE_DIR}/debugger" "${JAVASCRIPTCORE_DIR}/interpreter" @@ -22,8 +24,9 @@ SET(JavaScriptCore_INCLUDE_DIRECTORIES "${CMAKE_SOURCE_DIR}/Source" ) -SET(JavaScriptCore_SOURCES +set(JavaScriptCore_SOURCES API/JSBase.cpp + API/JSCTestRunnerUtils.cpp API/JSCallbackConstructor.cpp API/JSCallbackFunction.cpp API/JSCallbackObject.cpp @@ -31,126 +34,270 @@ SET(JavaScriptCore_SOURCES API/JSContextRef.cpp API/JSObjectRef.cpp API/JSProfilerPrivate.cpp + API/JSScriptRef.cpp API/JSStringRef.cpp API/JSValueRef.cpp API/JSWeakObjectMapRefPrivate.cpp API/OpaqueJSString.cpp + assembler/MacroAssembler.cpp + assembler/LinkBuffer.cpp + assembler/MacroAssemblerX86Common.cpp + + bytecode/ArrayAllocationProfile.cpp + bytecode/ArrayProfile.cpp bytecode/CallLinkInfo.cpp bytecode/CallLinkStatus.cpp bytecode/CodeBlock.cpp + bytecode/CodeBlockHash.cpp + bytecode/CodeOrigin.cpp + bytecode/CodeType.cpp bytecode/DFGExitProfile.cpp + bytecode/DeferredCompilationCallback.cpp bytecode/ExecutionCounter.cpp + bytecode/ExitKind.cpp bytecode/GetByIdStatus.cpp bytecode/JumpTable.cpp bytecode/LazyOperandValueProfile.cpp - bytecode/MethodCallLinkInfo.cpp - bytecode/MethodCallLinkStatus.cpp bytecode/MethodOfGettingAValueProfile.cpp bytecode/Opcode.cpp bytecode/PolymorphicPutByIdList.cpp - bytecode/PredictedType.cpp + bytecode/PreciseJumpTargets.cpp bytecode/PutByIdStatus.cpp + bytecode/ReduceWhitespace.cpp bytecode/SamplingTool.cpp + bytecode/SpecialPointer.cpp + bytecode/SpeculatedType.cpp + bytecode/StructureStubClearingWatchpoint.cpp bytecode/StructureStubInfo.cpp + bytecode/UnlinkedCodeBlock.cpp + bytecode/Watchpoint.cpp bytecompiler/BytecodeGenerator.cpp bytecompiler/NodesCodegen.cpp - dfg/DFGAbstractState.cpp + dfg/DFGAbstractHeap.cpp + dfg/DFGAbstractValue.cpp + dfg/DFGArgumentsSimplificationPhase.cpp + dfg/DFGArrayMode.cpp dfg/DFGAssemblyHelpers.cpp + dfg/DFGAtTailAbstractState.cpp + dfg/DFGBackwardsPropagationPhase.cpp + dfg/DFGBasicBlock.cpp + dfg/DFGBinarySwitch.cpp + dfg/DFGBlockInsertionSet.cpp dfg/DFGByteCodeParser.cpp - dfg/DFGCapabilities.cpp dfg/DFGCFAPhase.cpp - dfg/DFGCorrectableJumpPoint.cpp + dfg/DFGCFGSimplificationPhase.cpp + dfg/DFGCPSRethreadingPhase.cpp dfg/DFGCSEPhase.cpp + dfg/DFGCapabilities.cpp + dfg/DFGClobberSet.cpp + dfg/DFGClobberize.cpp + dfg/DFGCommon.cpp + dfg/DFGCommonData.cpp + dfg/DFGConstantFoldingPhase.cpp + dfg/DFGCriticalEdgeBreakingPhase.cpp + dfg/DFGDCEPhase.cpp + dfg/DFGDesiredIdentifiers.cpp + dfg/DFGDesiredStructureChains.cpp + dfg/DFGDesiredTransitions.cpp + dfg/DFGDesiredWatchpoints.cpp + dfg/DFGDesiredWeakReferences.cpp + dfg/DFGDesiredWriteBarriers.cpp + dfg/DFGDisassembler.cpp + dfg/DFGDominators.cpp dfg/DFGDriver.cpp + dfg/DFGEdge.cpp + dfg/DFGFailedFinalizer.cpp + dfg/DFGFinalizer.cpp dfg/DFGFixupPhase.cpp + dfg/DFGFlushFormat.cpp + dfg/DFGFlushLivenessAnalysisPhase.cpp dfg/DFGGraph.cpp + dfg/DFGInPlaceAbstractState.cpp + dfg/DFGJITCode.cpp dfg/DFGJITCompiler.cpp + dfg/DFGJITFinalizer.cpp + dfg/DFGLICMPhase.cpp + dfg/DFGLazyJSValue.cpp + dfg/DFGLivenessAnalysisPhase.cpp + dfg/DFGLongLivedState.cpp + dfg/DFGLoopPreHeaderCreationPhase.cpp + dfg/DFGMinifiedNode.cpp + dfg/DFGNaturalLoops.cpp + dfg/DFGNode.cpp dfg/DFGNodeFlags.cpp + dfg/DFGOSRAvailabilityAnalysisPhase.cpp dfg/DFGOSREntry.cpp dfg/DFGOSRExit.cpp + dfg/DFGOSRExitBase.cpp dfg/DFGOSRExitCompiler.cpp dfg/DFGOSRExitCompiler32_64.cpp dfg/DFGOSRExitCompiler64.cpp + dfg/DFGOSRExitCompilerCommon.cpp + dfg/DFGOSRExitJumpPlaceholder.cpp + dfg/DFGOSRExitPreparation.cpp dfg/DFGOperations.cpp dfg/DFGPhase.cpp + dfg/DFGPlan.cpp + dfg/DFGPredictionInjectionPhase.cpp dfg/DFGPredictionPropagationPhase.cpp - dfg/DFGRedundantPhiEliminationPhase.cpp dfg/DFGRepatch.cpp + dfg/DFGSSAConversionPhase.cpp dfg/DFGSpeculativeJIT.cpp dfg/DFGSpeculativeJIT32_64.cpp dfg/DFGSpeculativeJIT64.cpp dfg/DFGThunks.cpp + dfg/DFGTypeCheckHoistingPhase.cpp + dfg/DFGUnificationPhase.cpp + dfg/DFGUseKind.cpp + dfg/DFGValidate.cpp + dfg/DFGValueSource.cpp + dfg/DFGVariableAccessDataDump.cpp + dfg/DFGVariableEvent.cpp + dfg/DFGVariableEventStream.cpp dfg/DFGVirtualRegisterAllocationPhase.cpp + dfg/DFGWorklist.cpp + + disassembler/ARMv7Disassembler.cpp + disassembler/Disassembler.cpp + disassembler/LLVMDisassembler.cpp + disassembler/UDis86Disassembler.cpp + disassembler/X86Disassembler.cpp heap/BlockAllocator.cpp heap/CopiedSpace.cpp + heap/CopyVisitor.cpp heap/ConservativeRoots.cpp heap/DFGCodeBlocks.cpp + heap/GCIncomingRefCountedSet.h + heap/GCIncomingRefCounted.h + heap/GCIncomingRefCountedSetInlines.h + heap/GCIncomingRefCountedInlines.h + heap/GCThread.cpp + heap/GCThreadSharedData.cpp heap/HandleSet.cpp heap/HandleStack.cpp heap/Heap.cpp + heap/HeapStatistics.cpp + heap/HeapTimer.cpp + heap/IncrementalSweeper.cpp + heap/JITStubRoutineSet.cpp heap/MachineStackMarker.cpp + + heap/BlockAllocator.cpp + heap/ConservativeRoots.cpp + heap/CopiedSpace.cpp + heap/CopyVisitor.cpp + heap/DFGCodeBlocks.cpp + heap/GCThread.cpp + heap/GCThreadSharedData.cpp + heap/HandleSet.cpp + heap/HandleStack.cpp + heap/Heap.cpp + heap/HeapStatistics.cpp + heap/HeapTimer.cpp + heap/JITStubRoutineSet.cpp + heap/MachineStackMarker.cpp + heap/MarkStack.cpp heap/MarkedAllocator.cpp heap/MarkedBlock.cpp heap/MarkedSpace.cpp - heap/MarkStack.cpp - heap/WeakSet.cpp - heap/WeakHandleOwner.cpp + heap/SlotVisitor.cpp + heap/SuperRegion.cpp + heap/VTableSpectrum.cpp + heap/Weak.cpp heap/WeakBlock.cpp + heap/WeakHandleOwner.cpp + heap/WeakSet.cpp + heap/WriteBarrierSupport.cpp debugger/Debugger.cpp debugger/DebuggerActivation.cpp debugger/DebuggerCallFrame.cpp - + interpreter/AbstractPC.cpp interpreter/CallFrame.cpp interpreter/Interpreter.cpp - interpreter/RegisterFile.cpp + interpreter/JSStack.cpp + interpreter/StackIterator.cpp + interpreter/VMInspector.cpp + jit/ClosureCallStubRoutine.cpp jit/ExecutableAllocator.cpp + jit/ExecutableAllocatorFixedVMPool.cpp + jit/GCAwareJITStubRoutine.cpp jit/HostCallReturnValue.cpp - jit/JITArithmetic32_64.cpp + jit/JIT.cpp jit/JITArithmetic.cpp - jit/JITCall32_64.cpp + jit/JITArithmetic32_64.cpp jit/JITCall.cpp - jit/JIT.cpp + jit/JITCall32_64.cpp + jit/JITCode.cpp + jit/JITDisassembler.cpp jit/JITExceptions.cpp - jit/JITOpcodes32_64.cpp jit/JITOpcodes.cpp - jit/JITPropertyAccess32_64.cpp + jit/JITOpcodes32_64.cpp jit/JITPropertyAccess.cpp + jit/JITPropertyAccess32_64.cpp + jit/JITStubRoutine.cpp jit/JITStubs.cpp + jit/JITThunks.cpp + jit/JITToDFGDeferredCompilationCallback.cpp + jit/JumpReplacementWatchpoint.cpp jit/ThunkGenerators.cpp parser/Lexer.cpp parser/Nodes.cpp parser/Parser.cpp parser/ParserArena.cpp + parser/SourceCode.cpp + parser/SourceProvider.cpp parser/SourceProviderCache.cpp + profiler/ProfilerBytecode.cpp + profiler/ProfilerBytecodeSequence.cpp + profiler/ProfilerBytecodes.cpp + profiler/ProfilerCompilation.cpp + profiler/ProfilerCompilationKind.cpp + profiler/ProfilerCompiledBytecode.cpp + profiler/ProfilerDatabase.cpp + profiler/ProfilerOrigin.cpp + profiler/ProfilerOriginStack.cpp + profiler/ProfilerOSRExit.cpp + profiler/ProfilerOSRExitSite.cpp + profiler/ProfilerProfiledBytecodes.cpp profiler/Profile.cpp profiler/ProfileGenerator.cpp profiler/ProfileNode.cpp - profiler/Profiler.cpp + profiler/LegacyProfiler.cpp runtime/ArgList.cpp runtime/Arguments.cpp + runtime/ArrayBuffer.cpp + runtime/ArrayBufferView.cpp runtime/ArrayConstructor.cpp runtime/ArrayPrototype.cpp runtime/BooleanConstructor.cpp runtime/BooleanObject.cpp runtime/BooleanPrototype.cpp runtime/CallData.cpp + runtime/CodeCache.cpp + runtime/CodeSpecializationKind.cpp runtime/CommonIdentifiers.cpp + runtime/CommonSlowPaths.cpp + runtime/CommonSlowPathsExceptions.cpp + runtime/CompilationResult.cpp runtime/Completion.cpp runtime/ConstructData.cpp + runtime/DataView.cpp + runtime/DataView.h runtime/DateConstructor.cpp runtime/DateConversion.cpp runtime/DateInstance.cpp runtime/DatePrototype.cpp + runtime/DumpContext.cpp runtime/Error.cpp runtime/ErrorConstructor.cpp runtime/ErrorInstance.cpp @@ -158,37 +305,65 @@ SET(JavaScriptCore_SOURCES runtime/ExceptionHelpers.cpp runtime/Executable.cpp runtime/FunctionConstructor.cpp + runtime/FunctionExecutableDump.cpp runtime/FunctionPrototype.cpp runtime/GCActivityCallback.cpp runtime/GetterSetter.cpp runtime/Identifier.cpp + runtime/IndexingType.cpp runtime/InitializeThreading.cpp + runtime/IntendedStructureChain.cpp runtime/InternalFunction.cpp - runtime/JSActivation.cpp runtime/JSAPIValueWrapper.cpp + runtime/JSActivation.cpp runtime/JSArray.cpp + runtime/JSArrayBuffer.cpp + runtime/JSArrayBufferConstructor.cpp + runtime/JSArrayBufferPrototype.cpp + runtime/JSArrayBufferView.cpp + runtime/JSBoundFunction.cpp + runtime/JSCJSValue.cpp runtime/JSCell.cpp + runtime/JSChunk.cpp + runtime/JSDataView.cpp + runtime/JSDataViewPrototype.cpp runtime/JSDateMath.cpp runtime/JSFunction.cpp - runtime/JSBoundFunction.cpp - runtime/JSGlobalData.cpp runtime/JSGlobalObject.cpp runtime/JSGlobalObjectFunctions.cpp - runtime/JSGlobalThis.cpp runtime/JSLock.cpp + runtime/JSNameScope.cpp runtime/JSNotAnObject.cpp - runtime/JSObject.cpp runtime/JSONObject.cpp + runtime/JSObject.cpp + runtime/JSPromise.cpp + runtime/JSPromiseCallback.cpp + runtime/JSPromiseConstructor.cpp + runtime/JSPromisePrototype.cpp + runtime/JSPromiseResolver.cpp + runtime/JSPromiseResolverConstructor.cpp + runtime/JSPromiseResolverPrototype.cpp runtime/JSPropertyNameIterator.cpp + runtime/JSProxy.cpp + runtime/JSScope.cpp + runtime/JSSegmentedVariableObject.cpp runtime/JSStaticScopeObject.cpp runtime/JSString.cpp runtime/JSStringJoiner.cpp - runtime/JSValue.cpp + runtime/JSSymbolTableObject.cpp + runtime/JSTypedArrayConstructors.cpp + runtime/JSTypedArrayPrototypes.cpp + runtime/JSTypedArrays.cpp runtime/JSVariableObject.cpp + runtime/JSWithScope.cpp runtime/JSWrapperObject.cpp runtime/LiteralParser.cpp runtime/Lookup.cpp runtime/MathObject.cpp + runtime/MemoryStatistics.cpp + runtime/NameConstructor.cpp + runtime/NameInstance.cpp + runtime/NamePrototype.cpp runtime/NativeErrorConstructor.cpp runtime/NativeErrorPrototype.cpp runtime/NumberConstructor.cpp @@ -201,15 +376,19 @@ SET(JavaScriptCore_SOURCES runtime/PropertyDescriptor.cpp runtime/PropertyNameArray.cpp runtime/PropertySlot.cpp + runtime/PropertyTable.cpp + runtime/PrototypeMap.cpp runtime/RegExp.cpp runtime/RegExpCache.cpp - runtime/RegExpConstructor.cpp runtime/RegExpCachedResult.cpp + runtime/RegExpConstructor.cpp runtime/RegExpMatchesArray.cpp runtime/RegExpObject.cpp runtime/RegExpPrototype.cpp - runtime/ScopeChain.cpp + runtime/SamplingCounter.cpp + runtime/SimpleTypedArrayController.cpp runtime/SmallStrings.cpp + runtime/SparseArrayValueMap.cpp runtime/StrictEvalActivation.cpp runtime/StringConstructor.cpp runtime/StringObject.cpp @@ -217,8 +396,13 @@ SET(JavaScriptCore_SOURCES runtime/StringRecursionChecker.cpp runtime/Structure.cpp runtime/StructureChain.cpp - runtime/TimeoutChecker.cpp - runtime/UString.cpp + runtime/StructureRareData.cpp + runtime/SymbolTable.cpp + runtime/TypedArrayController.cpp + runtime/TypedArrayType.cpp + runtime/VM.cpp + runtime/Watchdog.cpp + runtime/WatchdogNone.cpp tools/CodeProfile.cpp tools/CodeProfiling.cpp @@ -230,93 +414,270 @@ SET(JavaScriptCore_SOURCES yarr/YarrSyntaxChecker.cpp ) -SET(JavaScriptCore_LUT_FILES +set(JavaScriptCore_LUT_FILES runtime/ArrayConstructor.cpp runtime/ArrayPrototype.cpp runtime/BooleanPrototype.cpp runtime/DateConstructor.cpp runtime/DatePrototype.cpp runtime/ErrorPrototype.cpp + runtime/JSDataViewPrototype.cpp runtime/JSGlobalObject.cpp runtime/JSONObject.cpp - runtime/MathObject.cpp + runtime/JSPromiseConstructor.cpp + runtime/JSPromisePrototype.cpp + runtime/JSPromiseResolverPrototype.cpp + runtime/NamePrototype.cpp runtime/NumberConstructor.cpp runtime/NumberPrototype.cpp runtime/ObjectConstructor.cpp - runtime/ObjectPrototype.cpp runtime/RegExpConstructor.cpp runtime/RegExpObject.cpp runtime/RegExpPrototype.cpp runtime/StringConstructor.cpp - runtime/StringPrototype.cpp ) -SET(JavaScriptCore_LIBRARIES - ${WTF_LIBRARY_NAME} +set(JavaScriptCore_LIBRARIES + WTF ) +if (WTF_USE_ICU_UNICODE) + list(APPEND JavaScriptCore_INCLUDE_DIRECTORIES + ${ICU_INCLUDE_DIRS} + ) + list(APPEND JavaScriptCore_LIBRARIES + ${ICU_I18N_LIBRARIES} + ) +endif () + +if (ENABLE_LLINT) + # We cannot check for RUBY_FOUND because it is set only when the full package is installed and + # the only thing we need is the interpreter. Unlike Python, cmake does not provide a macro + # for finding the only Ruby interpreter. + if (NOT RUBY_EXECUTABLE) + message(FATAL_ERROR "The Ruby interpreter is needed to generate LLInt files.") + endif () + + set(LLINT_ASM + llint/LowLevelInterpreter.asm + llint/LowLevelInterpreter32_64.asm + llint/LowLevelInterpreter64.asm + ) + + set(OFFLINE_ASM + offlineasm/arm.rb + offlineasm/ast.rb + offlineasm/backends.rb + offlineasm/cloop.rb + offlineasm/config.rb + offlineasm/instructions.rb + offlineasm/offsets.rb + offlineasm/opt.rb + offlineasm/parser.rb + offlineasm/registers.rb + offlineasm/risc.rb + offlineasm/self_hash.rb + offlineasm/settings.rb + offlineasm/transform.rb + offlineasm/x86.rb + ) + + add_custom_command( + OUTPUT ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/LLIntDesiredOffsets.h + MAIN_DEPENDENCY ${JAVASCRIPTCORE_DIR}/offlineasm/generate_offset_extractor.rb + DEPENDS ${LLINT_ASM} ${OFFLINE_ASM} + COMMAND ${RUBY_EXECUTABLE} ${JAVASCRIPTCORE_DIR}/offlineasm/generate_offset_extractor.rb ${JAVASCRIPTCORE_DIR}/llint/LowLevelInterpreter.asm ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/LLIntDesiredOffsets.h + VERBATIM) + + # We add the header file directly to the ADD_EXECUTABLE call instead of setting the + # OBJECT_DEPENDS property in LLIntOffsetsExtractor.cpp because generate_offset_extractor.rb may + # not regenerate it in case the hash it calculates does not change. + # In this case, if some of the dependencies specified in the ADD_CUSTOM_COMMAND above have + # changed the command will always be called because the mtime of LLIntDesiredOffsets.h will + # always be older than that of its dependencies. + # Additionally, setting the OBJECT_DEPENDS property will make LLIntDesiredOffsets.h a Makefile + # dependency of both LLIntOffsetsExtractor and LLIntOffsetsExtractor.cpp, so the command will + # actually be run twice! + add_executable(LLIntOffsetsExtractor + ${JAVASCRIPTCORE_DIR}/llint/LLIntOffsetsExtractor.cpp + ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/LLIntDesiredOffsets.h + ) + target_link_libraries(LLIntOffsetsExtractor WTF) + + # The build system will execute asm.rb every time LLIntOffsetsExtractor's mtime is newer than + # LLIntAssembly.h's mtime. The problem we have here is: asm.rb has some built-in optimization + # that generates a checksum of the LLIntOffsetsExtractor binary, if the checksum of the new + # LLIntOffsetsExtractor matches, no output is generated. To make this target consistent and avoid + # running this command for every build, we artificially update LLIntAssembly.h's mtime (using touch) + # after every asm.rb run. + add_custom_command( + OUTPUT ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/LLIntAssembly.h + MAIN_DEPENDENCY ${JAVASCRIPTCORE_DIR}/offlineasm/asm.rb + DEPENDS LLIntOffsetsExtractor ${LLINT_ASM} ${OFFLINE_ASM} + COMMAND ${RUBY_EXECUTABLE} ${JAVASCRIPTCORE_DIR}/offlineasm/asm.rb ${JAVASCRIPTCORE_DIR}/llint/LowLevelInterpreter.asm $ ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/LLIntAssembly.h + COMMAND ${CMAKE_COMMAND} -E touch_nocreate ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/LLIntAssembly.h + VERBATIM) + + # The explanation for not making LLIntAssembly.h part of the OBJECT_DEPENDS property of some of + # the .cpp files below is similar to the one in the previous comment. However, since these .cpp + # files are used to build JavaScriptCore itself, we can just add LLIntAssembly.h to JSC_HEADERS + # since it is used in the add_library() call at the end of this file. + list(APPEND JavaScriptCore_HEADERS + ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/LLIntAssembly.h + ) + list(APPEND JavaScriptCore_SOURCES + llint/LLIntCLoop.cpp + llint/LLIntData.cpp + llint/LLIntEntrypoints.cpp + llint/LLIntExceptions.cpp + llint/LLIntSlowPaths.cpp + llint/LLIntThunks.cpp + llint/LowLevelInterpreter.cpp + ) +endif () + +set(HASH_LUT_GENERATOR ${CMAKE_CURRENT_SOURCE_DIR}/create_hash_table) +macro(GENERATE_HASH_LUT _input _output) + add_custom_command( + OUTPUT ${_output} + DEPENDS ${HASH_LUT_GENERATOR} ${_input} + COMMAND ${PERL_EXECUTABLE} ${HASH_LUT_GENERATOR} ${_input} -i > ${_output} + VERBATIM) + list(APPEND JavaScriptCore_HEADERS ${_output}) +endmacro() # GENERATOR 1-A: LUT creator -FOREACH (_file ${JavaScriptCore_LUT_FILES}) - GET_FILENAME_COMPONENT(_name ${_file} NAME_WE) - GENERATE_HASH_LUT(${JAVASCRIPTCORE_DIR}/${_file} ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/${_name}.lut.h) - LIST(APPEND JavaScriptCore_HEADERS ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/${_name}.lut.h) -ENDFOREACH () +foreach (_file ${JavaScriptCore_LUT_FILES}) + get_filename_component(_name ${_file} NAME_WE) + GENERATE_HASH_LUT(${CMAKE_CURRENT_SOURCE_DIR}/${_file} ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/${_name}.lut.h) +endforeach () + +set(JavaScriptCore_FORWARDING_HEADERS_DIRECTORIES + assembler + bytecode + collector/handles + debugger + heap + interpreter + jit + llint + parser + profiler + runtime + yarr +) + +set(JavaScriptCore_FORWARDING_HEADERS_FILES + API/APICast.h + API/APIShims.h + API/JavaScript.h + API/JSBase.h + API/JSCTestRunnerUtils.h + API/JSContextRef.h + API/JSContextRefPrivate.h + API/JSObjectRef.h + API/JSObjectRefPrivate.h + API/JSScriptRefPrivate.h + API/JSStringRef.h + API/JSStringRefCF.h + API/JSStringRefBSTR.h + API/JSValueRef.h + API/JavaScriptCore.h + API/JSRetainPtr.h + API/JSWeakObjectMapRefInternal.h + API/JSWeakObjectMapRefPrivate.h + API/JSRetainPtr.h + API/OpaqueJSString.h + API/WebKitAvailability.h +) # GENERATOR 1-B: particular LUT creator (for 1 file only) -GENERATE_HASH_LUT(${JAVASCRIPTCORE_DIR}/parser/Keywords.table ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/Lexer.lut.h MAIN_DEPENDENCY) -LIST(APPEND JavaScriptCore_HEADERS ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/Lexer.lut.h) +GENERATE_HASH_LUT(${CMAKE_CURRENT_SOURCE_DIR}/parser/Keywords.table ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/Lexer.lut.h) #GENERATOR: "RegExpJitTables.h": tables used by Yarr -ADD_CUSTOM_COMMAND( +add_custom_command( OUTPUT ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/RegExpJitTables.h - MAIN_DEPENDENCY ${JAVASCRIPTCORE_DIR}/create_regex_tables - COMMAND ${PYTHON_EXECUTABLE} ${JAVASCRIPTCORE_DIR}/create_regex_tables > ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/RegExpJitTables.h + MAIN_DEPENDENCY ${CMAKE_CURRENT_SOURCE_DIR}/create_regex_tables + COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/create_regex_tables > ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/RegExpJitTables.h VERBATIM) -ADD_SOURCE_DEPENDENCIES(${JAVASCRIPTCORE_DIR}/yarr/YarrPattern.cpp ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/RegExpJitTables.h) +ADD_SOURCE_DEPENDENCIES(${CMAKE_CURRENT_SOURCE_DIR}/yarr/YarrPattern.cpp ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/RegExpJitTables.h) #GENERATOR: "KeywordLookup.h": keyword decision tree used by the lexer -ADD_CUSTOM_COMMAND( +add_custom_command( OUTPUT ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/KeywordLookup.h - MAIN_DEPENDENCY ${JAVASCRIPTCORE_DIR}/KeywordLookupGenerator.py - COMMAND ${PYTHON_EXECUTABLE} ${JAVASCRIPTCORE_DIR}/KeywordLookupGenerator.py ${JAVASCRIPTCORE_DIR}/parser/Keywords.table > ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/KeywordLookup.h + MAIN_DEPENDENCY ${CMAKE_CURRENT_SOURCE_DIR}/KeywordLookupGenerator.py + COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/KeywordLookupGenerator.py ${CMAKE_CURRENT_SOURCE_DIR}/parser/Keywords.table > ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/KeywordLookup.h VERBATIM) -ADD_SOURCE_DEPENDENCIES(${JAVASCRIPTCORE_DIR}/parser/Lexer.cpp ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/KeywordLookup.h) +ADD_SOURCE_DEPENDENCIES(${CMAKE_CURRENT_SOURCE_DIR}/parser/Lexer.cpp ${DERIVED_SOURCES_JAVASCRIPTCORE_DIR}/KeywordLookup.h) -IF (WTF_CPU_ARM) - LIST(APPEND JavaScriptCore_SOURCES +if (WTF_CPU_ARM) + list(APPEND JavaScriptCore_SOURCES assembler/ARMAssembler.cpp assembler/ARMv7Assembler.cpp assembler/MacroAssemblerARM.cpp ) -ELSEIF (WTF_CPU_MIPS) -ELSEIF (WTF_CPU_X86) -ELSEIF (WTF_CPU_X86_64) -ELSE () - MESSAGE(FATAL_ERROR "Unknown CPU") -ENDIF () + if (MSVC AND ENABLE_JIT) + add_custom_command( + OUTPUT ${DERIVED_SOURCES_DIR}/GeneratedJITStubs.asm + MAIN_DEPENDENCY ${JAVASCRIPTCORE_DIR}/create_jit_stubs + DEPENDS ${JAVASCRIPTCORE_DIR}/jit/JITStubsARM.h + DEPENDS ${JAVASCRIPTCORE_DIR}/jit/JITStubs.cpp + COMMAND ${PERL_EXECUTABLE} ${JAVASCRIPTCORE_DIR}/create_jit_stubs --prefix=MSVC --header ${JAVASCRIPTCORE_DIR}/jit/JITStubsARM.h ${JAVASCRIPTCORE_DIR}/jit/JITStubs.cpp > ${DERIVED_SOURCES_DIR}/GeneratedJITStubs.asm + VERBATIM) + + add_custom_command( + OUTPUT ${DERIVED_SOURCES_DIR}/GeneratedJITStubs.obj + MAIN_DEPENDENCY ${DERIVED_SOURCES_DIR}/GeneratedJITStubs.asm + COMMAND armasm -nologo ${DERIVED_SOURCES_DIR}/GeneratedJITStubs.asm ${DERIVED_SOURCES_DIR}/GeneratedJITStubs.obj + VERBATIM) + + list(APPEND JavaScriptCore_SOURCES ${DERIVED_SOURCES_DIR}/GeneratedJITStubs.obj) + endif () +elseif (WTF_CPU_MIPS) +elseif (WTF_CPU_X86) + list(APPEND JavaScriptCore_SOURCES + assembler/MacroAssemblerX86Common.cpp + ) +elseif (WTF_CPU_X86_64) + if (MSVC AND ENABLE_JIT) + add_custom_command( + OUTPUT ${DERIVED_SOURCES_DIR}/JITStubsMSVC64.obj + MAIN_DEPENDENCY ${JAVASCRIPTCORE_DIR}/jit/JITStubsMSVC64.asm + COMMAND ml64 -nologo -c -Fo ${DERIVED_SOURCES_DIR}/JITStubsMSVC64.obj ${JAVASCRIPTCORE_DIR}/jit/JITStubsMSVC64.asm + VERBATIM) + + list(APPEND JavaScriptCore_SOURCES ${DERIVED_SOURCES_DIR}/JITStubsMSVC64.obj) + endif () + list(APPEND JavaScriptCore_SOURCES + assembler/MacroAssemblerX86Common.cpp + ) +else () + message(FATAL_ERROR "Unknown CPU") +endif () WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS() +WEBKIT_CREATE_FORWARDING_HEADERS(JavaScriptCore DIRECTORIES ${JavaScriptCore_FORWARDING_HEADERS_DIRECTORIES} FILES ${JavaScriptCore_FORWARDING_HEADERS_FILES}) + -ADD_SUBDIRECTORY(shell) +add_subdirectory(shell) WEBKIT_WRAP_SOURCELIST(${JavaScriptCore_SOURCES}) -INCLUDE_DIRECTORIES(${JavaScriptCore_INCLUDE_DIRECTORIES}) -ADD_DEFINITIONS(-DBUILDING_JavaScriptCore) -ADD_LIBRARY(${JavaScriptCore_LIBRARY_NAME} ${JavaScriptCore_LIBRARY_TYPE} ${JavaScriptCore_HEADERS} ${JavaScriptCore_SOURCES}) -TARGET_LINK_LIBRARIES(${JavaScriptCore_LIBRARY_NAME} ${JavaScriptCore_LIBRARIES}) -SET_TARGET_PROPERTIES(${JavaScriptCore_LIBRARY_NAME} PROPERTIES FOLDER "JavaScriptCore") -SET_TARGET_PROPERTIES(${JavaScriptCore_LIBRARY_NAME} PROPERTIES LINK_INTERFACE_LIBRARIES "") - -IF (JavaScriptCore_LINK_FLAGS) - ADD_TARGET_PROPERTIES(${JavaScriptCore_LIBRARY_NAME} LINK_FLAGS "${JavaScriptCore_LINK_FLAGS}") -ENDIF () - -IF (SHARED_CORE) - SET_TARGET_PROPERTIES(${JavaScriptCore_LIBRARY_NAME} PROPERTIES VERSION ${PROJECT_VERSION} SOVERSION ${PROJECT_VERSION_MAJOR}) - INSTALL(TARGETS ${JavaScriptCore_LIBRARY_NAME} DESTINATION "${LIB_INSTALL_DIR}") -ENDIF () +include_directories(${JavaScriptCore_INCLUDE_DIRECTORIES}) +add_definitions(-DBUILDING_JavaScriptCore -DSTATICALLY_LINKED_WITH_WTF) +add_library(JavaScriptCore ${JavaScriptCore_LIBRARY_TYPE} ${JavaScriptCore_HEADERS} ${JavaScriptCore_SOURCES}) +target_link_libraries(JavaScriptCore ${JavaScriptCore_LIBRARIES}) +set_target_properties(JavaScriptCore PROPERTIES FOLDER "JavaScriptCore") +set_target_properties(JavaScriptCore PROPERTIES LINK_INTERFACE_LIBRARIES "") + +if (JavaScriptCore_OUTPUT_NAME) + set_target_properties(JavaScriptCore PROPERTIES OUTPUT_NAME ${JavaScriptCore_OUTPUT_NAME}) +endif () + +if (SHARED_CORE) + set_target_properties(JavaScriptCore PROPERTIES VERSION ${PROJECT_VERSION} SOVERSION ${PROJECT_VERSION_MAJOR}) + install(TARGETS JavaScriptCore DESTINATION "${LIB_INSTALL_DIR}") +endif () diff --git a/JavaScriptCore/COPYING.LIB b/JavaScriptCore/COPYING.LIB old mode 100644 new mode 100755 diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog old mode 100644 new mode 100755 index e88692c7..5baee7e7 --- a/JavaScriptCore/ChangeLog +++ b/JavaScriptCore/ChangeLog @@ -1,69230 +1,19292 @@ -2012-10-16 Lucas Forschler +2013-08-28 Filip Pizlo + + CodeBlock compilation and installation should be simplified and rationalized + https://bugs.webkit.org/show_bug.cgi?id=120326 + + Reviewed by Oliver Hunt. + + Previously Executable owned the code for generating JIT code; you always had + to go through Executable. But often you also had to go through CodeBlock, + because ScriptExecutable couldn't have virtual methods, but CodeBlock could. + So you'd ask CodeBlock to do something, which would dispatch through a + virtual method that would select the appropriate Executable subtype's method. + This all meant that the same code would often be duplicated, because most of + the work needed to compile something was identical regardless of code type. + But then we tried to fix this, by having templatized helpers in + ExecutionHarness.h and JITDriver.h. The result was that if you wanted to find + out what happened when you asked for something to be compiled, you'd go on a + wild ride that started with CodeBlock, touched upon Executable, and then + ricocheted into either ExecutionHarness or JITDriver (likely both). + + Another awkwardness was that for concurrent compiles, the DFG::Worklist had + super-special inside knowledge of what JITStubs.cpp's cti_optimize would have + done once the compilation finished. + + Also, most of the DFG JIT drivers assumed that they couldn't install the + JITCode into the CodeBlock directly - instead they would return it via a + reference, which happened to be a reference to the JITCode pointer in + Executable. This was super weird. + + Finally, there was no notion of compiling code into a special CodeBlock that + wasn't used for handling calls into an Executable. I'd like this for FTL OSR + entry. + + This patch solves these problems by reducing all of that complexity into just + three primitives: + + - Executable::newCodeBlock(). This gives you a new code block, either for call + or for construct, and either to serve as the baseline code or the optimized + code. The new code block is then owned by the caller; Executable doesn't + register it anywhere. The new code block has no JITCode and isn't callable, + but it has all of the bytecode. + + - CodeBlock::prepareForExecution(). This takes the CodeBlock's bytecode and + produces a JITCode, and then installs the JITCode into the CodeBlock. This + method takes a JITType, and always compiles with that JIT. If you ask for + JITCode::InterpreterThunk then you'll get JITCode that just points to the + LLInt entrypoints. Once this returns, it is possible to call into the + CodeBlock if you do so manually - but the Executable still won't know about + it so JS calls to that Executable will still be routed to whatever CodeBlock + is associated with the Executable. + + - Executable::installCode(). This takes a CodeBlock and makes it the code-for- + entry for that Executable. This involves unlinking the Executable's last + CodeBlock, if there was one. This also tells the GC about any effect on + memory usage and does a bunch of weird data structure rewiring, since + Executable caches some of CodeBlock's fields for the benefit of virtual call + fast paths. + + This functionality is then wrapped around three convenience methods: + + - Executable::prepareForExecution(). If there is no code block for that + Executable, then one is created (newCodeBlock()), compiled + (CodeBlock::prepareForExecution()) and installed (installCode()). + + - CodeBlock::newReplacement(). Asks the Executable for a new CodeBlock that + can serve as an optimized replacement of the current one. + + - CodeBlock::install(). Asks the Executable to install this code block. + + This patch allows me to kill *a lot* of code and to remove a lot of + specializations for functions vs. not-functions, and a lot of places where we + pass around JITCode references and such. ExecutionHarness and JITDriver are + both gone. Overall this patch has more red than green. + + It also allows me to work on FTL OSR entry and tier-up: + + - FTL tier-up: this will involve DFGOperations.cpp asking the DFG::Worklist + to do some compilation, but it will require the DFG::Worklist to do + something different than what JITStubs.cpp would want, once the compilation + finishes. This patch introduces a callback mechanism for that purpose. + + - FTL OSR entry: this will involve creating a special auto-jettisoned + CodeBlock that is used only for FTL OSR entry. The new set of primitives + allows for this: Executable can vend you a fresh new CodeBlock, and you can + ask that CodeBlock to compile itself with any JIT of your choosing. Or you + can take that CodeBlock and compile it yourself. Previously the act of + producing a CodeBlock-for-optimization and the act of compiling code for it + were tightly coupled; now you can separate them and you can create such + auto-jettisoned CodeBlocks that are used for a one-shot OSR entry. - Merge + * CMakeLists.txt: + * GNUmakefile.list.am: + * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::prepareForExecution): + (JSC::CodeBlock::install): + (JSC::CodeBlock::newReplacement): + (JSC::FunctionCodeBlock::jettisonImpl): + (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::hasBaselineJITProfiling): + * bytecode/DeferredCompilationCallback.cpp: Added. + (JSC::DeferredCompilationCallback::DeferredCompilationCallback): + (JSC::DeferredCompilationCallback::~DeferredCompilationCallback): + * bytecode/DeferredCompilationCallback.h: Added. + * dfg/DFGDriver.cpp: + (JSC::DFG::tryCompile): + * dfg/DFGDriver.h: + (JSC::DFG::tryCompile): + * dfg/DFGFailedFinalizer.cpp: + (JSC::DFG::FailedFinalizer::finalize): + (JSC::DFG::FailedFinalizer::finalizeFunction): + * dfg/DFGFailedFinalizer.h: + * dfg/DFGFinalizer.h: + * dfg/DFGJITFinalizer.cpp: + (JSC::DFG::JITFinalizer::finalize): + (JSC::DFG::JITFinalizer::finalizeFunction): + * dfg/DFGJITFinalizer.h: + * dfg/DFGOSRExitPreparation.cpp: + (JSC::DFG::prepareCodeOriginForOSRExit): + * dfg/DFGOperations.cpp: + * dfg/DFGPlan.cpp: + (JSC::DFG::Plan::Plan): + (JSC::DFG::Plan::compileInThreadImpl): + (JSC::DFG::Plan::finalizeWithoutNotifyingCallback): + (JSC::DFG::Plan::finalizeAndNotifyCallback): + * dfg/DFGPlan.h: + * dfg/DFGWorklist.cpp: + (JSC::DFG::Worklist::completeAllReadyPlansForVM): + * ftl/FTLJITFinalizer.cpp: + (JSC::FTL::JITFinalizer::finalize): + (JSC::FTL::JITFinalizer::finalizeFunction): + * ftl/FTLJITFinalizer.h: + * heap/Heap.h: + (JSC::Heap::isDeferred): + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): + (JSC::Interpreter::prepareForRepeatCall): + * jit/JITDriver.h: Removed. + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + (JSC::jitCompileFor): + (JSC::lazyLinkFor): + * jit/JITToDFGDeferredCompilationCallback.cpp: Added. + (JSC::JITToDFGDeferredCompilationCallback::JITToDFGDeferredCompilationCallback): + (JSC::JITToDFGDeferredCompilationCallback::~JITToDFGDeferredCompilationCallback): + (JSC::JITToDFGDeferredCompilationCallback::create): + (JSC::JITToDFGDeferredCompilationCallback::compilationDidComplete): + * jit/JITToDFGDeferredCompilationCallback.h: Added. + * llint/LLIntEntrypoints.cpp: + (JSC::LLInt::setFunctionEntrypoint): + (JSC::LLInt::setEvalEntrypoint): + (JSC::LLInt::setProgramEntrypoint): + * llint/LLIntEntrypoints.h: + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::jitCompileAndSetHeuristics): + (JSC::LLInt::setUpCall): + * runtime/ArrayPrototype.cpp: + (JSC::isNumericCompareFunction): + * runtime/CommonSlowPaths.cpp: + * runtime/CompilationResult.cpp: + (WTF::printInternal): + * runtime/CompilationResult.h: + * runtime/Executable.cpp: + (JSC::ScriptExecutable::installCode): + (JSC::ScriptExecutable::newCodeBlockFor): + (JSC::ScriptExecutable::newReplacementCodeBlockFor): + (JSC::ScriptExecutable::prepareForExecutionImpl): + * runtime/Executable.h: + (JSC::ScriptExecutable::prepareForExecution): + (JSC::FunctionExecutable::jettisonOptimizedCodeFor): + * runtime/ExecutionHarness.h: Removed. - 2012-10-10 Filip Pizlo - - SUSundance: JSArray::sort with an evil compare function allows access into arbitrary memory - - Reviewed by Geoffrey Garen. - - This patch correctly omits the removal of the !header check in unshift(). - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncSort): - * runtime/JSArray.cpp: - (JSC::JSArray::sortNumeric): - (JSC::JSArray::sort): - (JSC::JSArray::compactForSorting): - * runtime/JSArray.h: - (JSArray): - (JSC::JSArray::hasSparseMap): +2013-08-28 Chris Curtis -2012-10-16 Lucas Forschler + https://bugs.webkit.org/show_bug.cgi?id=119548 + Refactoring Exception throws. + + Reviewed by Geoffrey Garen. + + Gardening of exception throws. The act of throwing an exception was being handled in + different ways depending on whether the code was running in the LLint, Baseline JIT, + or the DFG Jit. This made development in the vm exception and error objects difficult. + + * runtime/VM.cpp: + (JSC::appendSourceToError): + This function moved from the interpreter into the VM. It views the developers code + (if there is a codeBlock) to extract what was trying to be evaluated when the error + occurred. + + (JSC::VM::throwException): + This function takes in the error object and sets the following: + 1: The VM's exception stack + 2: The VM's exception + 3: Appends extra information on the error message(via appendSourceToError) + 4: The error object's line number + 5: The error object's column number + 6: The error object's sourceURL + 7: The error object's stack trace (unless it already exists because the developer + created the error object). + + (JSC::VM::getExceptionInfo): + (JSC::VM::setExceptionInfo): + (JSC::VM::clearException): + (JSC::clearExceptionStack): + * runtime/VM.h: + (JSC::VM::exceptionOffset): + (JSC::VM::exception): + (JSC::VM::addressOfException): + (JSC::VM::exceptionStack): + VM exception and exceptionStack are now private data members. - Merge r129577 + * interpreter/Interpreter.h: + (JSC::ClearExceptionScope::ClearExceptionScope): + Created this structure to temporarily clear the exception within the VM. This + needed to see if addition errors occur when setting the debugger as we are + unwinding the stack. - 2012-09-25 Filip Pizlo + * interpreter/Interpreter.cpp: + (JSC::Interpreter::unwind): + Removed the code that would try to add error information if it did not exist. + All of this functionality has moved into the VM and all error information is set + at the time the error occurs. - We shouldn't use the optimized versions of shift/unshift if the user is doing crazy things to the array - https://bugs.webkit.org/show_bug.cgi?id=97603 - + The rest of these functions reference the new calling convention to throw an error. - Reviewed by Gavin Barraclough. + * API/APICallbackFunction.h: + (JSC::APICallbackFunction::call): + * API/JSCallbackConstructor.cpp: + (JSC::constructJSCallback): + * API/JSCallbackObjectFunctions.h: + (JSC::::getOwnPropertySlot): + (JSC::::defaultValue): + (JSC::::put): + (JSC::::putByIndex): + (JSC::::deleteProperty): + (JSC::::construct): + (JSC::::customHasInstance): + (JSC::::call): + (JSC::::getStaticValue): + (JSC::::staticFunctionGetter): + (JSC::::callbackGetter): + * debugger/Debugger.cpp: + (JSC::evaluateInGlobalCallFrame): + * debugger/DebuggerCallFrame.cpp: + (JSC::DebuggerCallFrame::evaluate): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::emitExceptionCheck): + * dfg/DFGOperations.cpp: + (JSC::DFG::operationPutByValInternal): + * ftl/FTLLowerDFGToLLVM.cpp: + (JSC::FTL::LowerDFGToLLVM::callCheck): + * heap/Heap.cpp: + (JSC::Heap::markRoots): + * interpreter/CallFrame.h: + (JSC::ExecState::clearException): + (JSC::ExecState::exception): + (JSC::ExecState::hadException): + * interpreter/Interpreter.cpp: + (JSC::eval): + (JSC::loadVarargs): + (JSC::stackTraceAsString): + (JSC::Interpreter::execute): + (JSC::Interpreter::executeCall): + (JSC::Interpreter::executeConstruct): + (JSC::Interpreter::prepareForRepeatCall): + * interpreter/Interpreter.h: + (JSC::ClearExceptionScope::ClearExceptionScope): + * jit/JITCode.cpp: + (JSC::JITCode::execute): + * jit/JITExceptions.cpp: + (JSC::genericThrow): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_catch): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTINativeCall): + (JSC::JIT::emit_op_catch): + * jit/JITStubs.cpp: + (JSC::returnToThrowTrampoline): + (JSC::throwExceptionFromOpCall): + (JSC::DEFINE_STUB_FUNCTION): + (JSC::jitCompileFor): + (JSC::lazyLinkFor): + (JSC::putByVal): + (JSC::cti_vm_handle_exception): + * jit/SlowPathCall.h: + (JSC::JITSlowPathCall::call): + * jit/ThunkGenerators.cpp: + (JSC::nativeForGenerator): + * jsc.cpp: + (functionRun): + (functionLoad): + (functionCheckSyntax): + * llint/LLIntExceptions.cpp: + (JSC::LLInt::doThrow): + (JSC::LLInt::returnToThrow): + (JSC::LLInt::callToThrow): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * llint/LowLevelInterpreter.cpp: + (JSC::CLoop::execute): + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + * runtime/ArrayConstructor.cpp: + (JSC::constructArrayWithSizeQuirk): + * runtime/CommonSlowPaths.cpp: + (JSC::SLOW_PATH_DECL): + * runtime/CommonSlowPaths.h: + (JSC::CommonSlowPaths::opIn): + * runtime/CommonSlowPathsExceptions.cpp: + (JSC::CommonSlowPaths::interpreterThrowInCaller): + * runtime/Completion.cpp: + (JSC::evaluate): + * runtime/Error.cpp: + (JSC::addErrorInfo): + (JSC::throwTypeError): + (JSC::throwSyntaxError): + * runtime/Error.h: + (JSC::throwVMError): + * runtime/ExceptionHelpers.cpp: + (JSC::throwOutOfMemoryError): + (JSC::throwStackOverflowError): + (JSC::throwTerminatedExecutionException): + * runtime/Executable.cpp: + (JSC::EvalExecutable::create): + (JSC::FunctionExecutable::produceCodeBlockFor): + * runtime/FunctionConstructor.cpp: + (JSC::constructFunction): + (JSC::constructFunctionSkippingEvalEnabledCheck): + * runtime/JSArray.cpp: + (JSC::JSArray::defineOwnProperty): + (JSC::JSArray::put): + (JSC::JSArray::push): + * runtime/JSCJSValue.cpp: + (JSC::JSValue::toObjectSlowCase): + (JSC::JSValue::synthesizePrototype): + (JSC::JSValue::putToPrimitive): + * runtime/JSFunction.cpp: + (JSC::JSFunction::defineOwnProperty): + * runtime/JSGenericTypedArrayViewInlines.h: + (JSC::::create): + (JSC::::createUninitialized): + (JSC::::validateRange): + (JSC::::setWithSpecificType): + * runtime/JSGlobalObjectFunctions.cpp: + (JSC::encode): + (JSC::decode): + (JSC::globalFuncProtoSetter): + * runtime/JSNameScope.cpp: + (JSC::JSNameScope::put): + * runtime/JSONObject.cpp: + (JSC::Stringifier::appendStringifiedValue): + (JSC::Walker::walk): + * runtime/JSObject.cpp: + (JSC::JSObject::put): + (JSC::JSObject::defaultValue): + (JSC::JSObject::hasInstance): + (JSC::JSObject::defaultHasInstance): + (JSC::JSObject::defineOwnNonIndexProperty): + (JSC::throwTypeError): + * runtime/ObjectConstructor.cpp: + (JSC::toPropertyDescriptor): + * runtime/RegExpConstructor.cpp: + (JSC::constructRegExp): + * runtime/StringObject.cpp: + (JSC::StringObject::defineOwnProperty): + * runtime/StringRecursionChecker.cpp: + (JSC::StringRecursionChecker::throwStackOverflowError): - You changed the length behind our backs? No optimizations for you then! +2013-08-28 Zan Dobersek - * runtime/ArrayPrototype.cpp: - (JSC::shift): - (JSC::unshift): - * runtime/JSArray.cpp: - (JSC::JSArray::shiftCount): + [GTK] Add support for building JSC with FTL JIT enabled + https://bugs.webkit.org/show_bug.cgi?id=120270 -2012-08-14 Lucas Forschler + Reviewed by Filip Pizlo. - Merge r124272. + * GNUmakefile.am: Add LLVM_LIBS to the list of linker flags and LLVM_CFLAGS to the list of + compiler flags for the JSC library. + * GNUmakefile.list.am: Add the missing build targets. + * ftl/FTLAbbreviations.h: Include the header and use std::strlen. This avoids compilation + failures when using the Clang compiler with the libstdc++ standard library. + (JSC::FTL::mdKindID): + (JSC::FTL::mdString): - 2012-07-31 Sam Weinig +2013-08-23 Andy Estes - Fix the Windows build. + Fix issues found by the Clang Static Analyzer + https://bugs.webkit.org/show_bug.cgi?id=120230 - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + Reviewed by Darin Adler. -2012-08-14 Lucas Forschler + * API/JSValue.mm: + (valueToString): Don't leak every CFStringRef when in Objective-C GC. + * API/ObjCCallbackFunction.mm: + (JSC::ObjCCallbackFunctionImpl::~ObjCCallbackFunctionImpl): Don't + release m_invocation's target since NSInvocation will do it for us on + -dealloc. + (objCCallbackFunctionForBlock): Tell NSInvocation to retain its target + and -release our reference to the copied block. + * API/tests/minidom.c: + (createStringWithContentsOfFile): Free buffer before returning. + * API/tests/testapi.c: + (createStringWithContentsOfFile): Ditto. - Merge r124268. +2013-08-26 Brent Fulgham - 2012-07-31 Sam Weinig + [Windows] Unreviewed build fix after r154629. - Stop masking 8 bits off of the visited link hash. We need all the bits! - https://bugs.webkit.org/show_bug.cgi?id=92799 + * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Add missing build files. + * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: - Reviewed by Anders Carlsson. +2013-08-26 Ryosuke Niwa - * runtime/Identifier.cpp: - (JSC::IdentifierCStringTranslator::hash): - (JSC::IdentifierLCharFromUCharTranslator::hash): - * runtime/Identifier.h: - (JSC::IdentifierCharBufferTranslator::hash): - Update for new function names. + Windows build fix attempt after r154629. -2012-08-10 Lucas Forschler - - Windows build fix after merging radar 12050720. - Add missing symbols. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: -2012-08-10 Lucas Forschler +2013-08-25 Mark Hahnenberg - Windows build fix after merging radar 12050720. - Part 2 - removing symbols. + JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage does a check on the length of the ArrayStorage after possible reallocing it + https://bugs.webkit.org/show_bug.cgi?id=120278 - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + Reviewed by Geoffrey Garen. -2012-08-10 Lucas Forschler + * runtime/JSObject.cpp: + (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage): - Windows Build fix after merging radar 12050720. - - * runtime/JSLock.cpp: - (JSC::JSLock::DropAllLocks::DropAllLocks): +2013-08-26 Filip Pizlo -2012-08-06 Lucas Forschler + Fix indention of Executable.h. - Merge patch for - - 2012-07-24 Filip Pizlo + Rubber stamped by Mark Hahnenberg. - DFG method checks should keep the receiver of the property access alive until all checks complete. - - - Reviewed by Gavin Barraclough. + * runtime/Executable.h: - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): +2013-08-26 Mark Hahnenberg -2012-08-02 Lucas Forschler + Object.defineProperty should be able to create a PropertyDescriptor where m_attributes == 0 + https://bugs.webkit.org/show_bug.cgi?id=120314 - Merge 121307 + Reviewed by Darin Adler. - 2012-06-26 Filip Pizlo + Currently with the way that defineProperty works, we leave a stray low bit set in + PropertyDescriptor::m_attributes in the following code: - DFG PutByValAlias is too aggressive - https://bugs.webkit.org/show_bug.cgi?id=90026 - + var o = {}; + Object.defineProperty(o, 100, {writable:true, enumerable:true, configurable:true, value:"foo"}); + + This is due to the fact that the lowest non-zero attribute (ReadOnly) is represented as 1 << 1 + instead of 1 << 0. We then calculate the default attributes as (DontDelete << 1) - 1, which is 0xF, + but only the top three bits mean anything. Even in the case above, the top three bits are set + to 0 but the bottom bit remains set, which causes us to think m_attributes is non-zero. - Reviewed by Gavin Barraclough. + Since some of these attributes and their corresponding values are exposed in the JavaScriptCore + framework's public C API, it's safer to just change how we calculate the default value, which is + where the weirdness was originating from in the first place. - For CSE on normal arrays, we now treat PutByVal as impure. This does not appear to affect - performance by much. + * runtime/PropertyDescriptor.cpp: - For CSE on typed arrays, we fix PutByValAlias by making GetByVal speculate that the access - is within bounds. This also has the effect of making our out-of-bounds handling consistent - with WebCore. +2013-08-24 Sam Weinig - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::byValIsPure): - (JSC::DFG::Graph::clobbersWorld): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): + Add support for Promises + https://bugs.webkit.org/show_bug.cgi?id=120260 -2012-07-30 Lucas Forschler + Reviewed by Darin Adler. - Merge 121391 + Add an initial implementation of Promises - http://dom.spec.whatwg.org/#promises. + - Despite Promises being defined in the DOM, the implementation is being put in JSC + in preparation for the Promises eventually being defined in ECMAScript. - 2012-06-27 Filip Pizlo + * CMakeLists.txt: + * DerivedSources.make: + * DerivedSources.pri: + * GNUmakefile.list.am: + * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + Add new files. - Javascript SHA-512 gives wrong hash on second and subsequent runs unless Web Inspector Javascript Debugging is on - https://bugs.webkit.org/show_bug.cgi?id=90053 - + * jsc.cpp: + Update jsc's GlobalObjectMethodTable to stub out the new QueueTaskToEventLoop callback. This mean's + you can't quite use Promises with with the command line tool yet. + + * interpreter/CallFrame.h: + (JSC::ExecState::promisePrototypeTable): + (JSC::ExecState::promiseConstructorTable): + (JSC::ExecState::promiseResolverPrototypeTable): + * runtime/VM.cpp: + (JSC::VM::VM): + (JSC::VM::~VM): + * runtime/VM.h: + Add supporting code for the new static lookup tables. - Reviewed by Mark Hahnenberg. + * runtime/CommonIdentifiers.h: + Add 3 new identifiers, "Promise", "PromiseResolver", and "then". - The problem is that the code was assuming that the recovery should be Undefined if the source of - the SetLocal was !shouldGenerate(). But that's wrong, since the DFG optimizer may skip around a - UInt32ToNumber node (hence making it !shouldGenerate()) and keep the source of that node alive. - In that case we should base the recovery on the source of the UInt32ToNumber. The logic for this - was already in place but the fast check for !shouldGenerate() broke it. + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::visitChildren): + Add supporting code Promise and PromiseResolver's constructors and structures. - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): + * runtime/JSGlobalObject.h: + (JSC::TaskContext::~TaskContext): + Add a new callback to the GlobalObjectMethodTable to post a task on the embedder's runloop. + + (JSC::JSGlobalObject::promisePrototype): + (JSC::JSGlobalObject::promiseResolverPrototype): + (JSC::JSGlobalObject::promiseStructure): + (JSC::JSGlobalObject::promiseResolverStructure): + (JSC::JSGlobalObject::promiseCallbackStructure): + (JSC::JSGlobalObject::promiseWrapperCallbackStructure): + Add supporting code Promise and PromiseResolver's constructors and structures. + + * runtime/JSPromise.cpp: Added. + * runtime/JSPromise.h: Added. + * runtime/JSPromiseCallback.cpp: Added. + * runtime/JSPromiseCallback.h: Added. + * runtime/JSPromiseConstructor.cpp: Added. + * runtime/JSPromiseConstructor.h: Added. + * runtime/JSPromisePrototype.cpp: Added. + * runtime/JSPromisePrototype.h: Added. + * runtime/JSPromiseResolver.cpp: Added. + * runtime/JSPromiseResolver.h: Added. + * runtime/JSPromiseResolverConstructor.cpp: Added. + * runtime/JSPromiseResolverConstructor.h: Added. + * runtime/JSPromiseResolverPrototype.cpp: Added. + * runtime/JSPromiseResolverPrototype.h: Added. + Add Promise implementation. + +2013-08-26 Zan Dobersek + + Plenty of -Wcast-align warnings in KeywordLookup.h + https://bugs.webkit.org/show_bug.cgi?id=120316 -2012-06-06 Mark Rowe + Reviewed by Darin Adler. - Merge r118995. + * KeywordLookupGenerator.py: Use reinterpret_cast instead of a C-style cast when casting + the character pointers to types of larger size. This avoids spewing lots of warnings + in the KeywordLookup.h header when compiling with the -Wcast-align option. - 2012-05-30 Oliver Hunt +2013-08-26 Gavin Barraclough - Really provide error information with the inspector disabled - https://bugs.webkit.org/show_bug.cgi?id=87910 + RegExpMatchesArray should not call [[put]] + https://bugs.webkit.org/show_bug.cgi?id=120317 - Reviewed by Filip Pizlo. + Reviewed by Oliver Hunt. - Don't bother checking for anything other than pre-existing error info. - In the absence of complete line number information you'll only get the - line a function starts on, but at least it's something. + This will call accessors on the JSObject/JSArray prototypes - so adding an accessor or read-only + property called index or input to either of these prototypes will result in broken behavior. - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): + * runtime/RegExpMatchesArray.cpp: + (JSC::RegExpMatchesArray::reifyAllProperties): + - put -> putDirect -2012-06-06 Mark Rowe +2013-08-24 Filip Pizlo - Merge r118992. + FloatTypedArrayAdaptor::toJSValue should almost certainly not use jsNumber() since that attempts int conversions + https://bugs.webkit.org/show_bug.cgi?id=120228 - 2012-05-30 Filip Pizlo + Reviewed by Oliver Hunt. + + It turns out that there were three problems: + + - Using jsNumber() meant that we were converting doubles to integers and then + possibly back again whenever doing a set() between floating point arrays. + + - Slow-path accesses to double typed arrays were slower than necessary because + of the to-int conversion attempt. + + - The use of JSValue as an intermediate for converting between differen types + in typedArray.set() resulted in worse code than I had previously expected. + + This patch solves the problem by using template double-dispatch to ensure that + that C++ compiler sees the simplest possible combination of casts between any + combination of typed array types, while still preserving JS and typed array + conversion semantics. Conversions are done as follows: + + SourceAdaptor::convertTo(value) + + Internally, convertTo() calls one of three possible methods on TargetAdaptor, + with one method for each of int32_t, uint32_t, and double. This means that the + C++ compiler will at worst see a widening cast to one of those types followed + by a narrowing conversion (not necessarily a cast - may have clamping or the + JS toInt32() function). + + This change doesn't just affect typedArray.set(); it also affects slow-path + accesses to typed arrays as well. This patch also adds a bunch of new test + coverage. + + This change is a ~50% speed-up on typedArray.set() involving floating point + types. - LLInt broken on x86-32 with JIT turned off - https://bugs.webkit.org/show_bug.cgi?id=87906 + * GNUmakefile.list.am: + * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * runtime/GenericTypedArrayView.h: + (JSC::GenericTypedArrayView::set): + * runtime/JSDataViewPrototype.cpp: + (JSC::setData): + * runtime/JSGenericTypedArrayView.h: + (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): + (JSC::JSGenericTypedArrayView::setIndexQuickly): + * runtime/JSGenericTypedArrayViewInlines.h: + (JSC::::setWithSpecificType): + (JSC::::set): + * runtime/ToNativeFromValue.h: Added. + (JSC::toNativeFromValue): + * runtime/TypedArrayAdaptors.h: + (JSC::IntegralTypedArrayAdaptor::toJSValue): + (JSC::IntegralTypedArrayAdaptor::toDouble): + (JSC::IntegralTypedArrayAdaptor::toNativeFromInt32): + (JSC::IntegralTypedArrayAdaptor::toNativeFromUint32): + (JSC::IntegralTypedArrayAdaptor::toNativeFromDouble): + (JSC::IntegralTypedArrayAdaptor::convertTo): + (JSC::FloatTypedArrayAdaptor::toJSValue): + (JSC::FloatTypedArrayAdaptor::toDouble): + (JSC::FloatTypedArrayAdaptor::toNativeFromInt32): + (JSC::FloatTypedArrayAdaptor::toNativeFromUint32): + (JSC::FloatTypedArrayAdaptor::toNativeFromDouble): + (JSC::FloatTypedArrayAdaptor::convertTo): + (JSC::Uint8ClampedAdaptor::toJSValue): + (JSC::Uint8ClampedAdaptor::toDouble): + (JSC::Uint8ClampedAdaptor::toNativeFromInt32): + (JSC::Uint8ClampedAdaptor::toNativeFromUint32): + (JSC::Uint8ClampedAdaptor::toNativeFromDouble): + (JSC::Uint8ClampedAdaptor::convertTo): + +2013-08-24 Dan Bernstein + + [mac] link against libz in a more civilized manner + https://bugs.webkit.org/show_bug.cgi?id=120258 - Reviewed by Geoffrey Garen. - - Fixed the code to not clobber registers that contain important things, like the call frame. + Reviewed by Darin Adler. - * llint/LowLevelInterpreter32_64.asm: + * Configurations/JavaScriptCore.xcconfig: Removed “-lz†from OTHER_LDFLAGS_BASE. + * JavaScriptCore.xcodeproj/project.pbxproj: Added libz.dylib to the JavaScriptCore target’s + Link Binary With Libraries build phase. -2012-05-31 Ojan Vafai +2013-08-23 Laszlo Papp - add back the ability to disable flexbox - https://bugs.webkit.org/show_bug.cgi?id=87147 + Failure building with python3 + https://bugs.webkit.org/show_bug.cgi?id=106645 - Reviewed by Tony Chang. + Reviewed by Benjamin Poulain. - * Configurations/FeatureDefines.xcconfig: + Use print functions instead of python statements to be compatible with python 3.X and 2.7 as well. + Archlinux has been using python3 and that is what causes issues while packaging QtWebKit along with Qt5. + + * disassembler/udis86/itab.py: + (UdItabGenerator.genInsnTable): + * disassembler/udis86/ud_opcode.py: + (UdOpcodeTables.print_table): + * disassembler/udis86/ud_optable.py: + (UdOptableXmlParser.parseDef): + (UdOptableXmlParser.parse): + (printFn): + +2013-08-23 Filip Pizlo + + Incorrect TypedArray#set behavior + https://bugs.webkit.org/show_bug.cgi?id=83818 + + Reviewed by Oliver Hunt and Mark Hahnenberg. + + This was so much fun! typedArray.set() is like a memmove on steroids, and I'm + not smart enough to figure out optimal versions for *all* of the cases. But I + did come up with optimal implementations for most of the cases, and I wrote + spec-literal code (i.e. copy via a transfer buffer) for the cases I'm not smart + enough to write optimal code for. + + * runtime/JSArrayBufferView.h: + (JSC::JSArrayBufferView::hasArrayBuffer): + * runtime/JSArrayBufferViewInlines.h: + (JSC::JSArrayBufferView::buffer): + (JSC::JSArrayBufferView::existingBufferInButterfly): + (JSC::JSArrayBufferView::neuter): + (JSC::JSArrayBufferView::byteOffset): + * runtime/JSGenericTypedArrayView.h: + * runtime/JSGenericTypedArrayViewInlines.h: + (JSC::::setWithSpecificType): + (JSC::::set): + (JSC::::existingBuffer): -2012-05-31 Tim Horton +2013-08-23 Alex Christensen - Disable CSS3 flexbox - + Re-separating Win32 and Win64 builds. + https://bugs.webkit.org/show_bug.cgi?id=120178 - Reviewed by John Sullivan. + Reviewed by Brent Fulgham. - * Configurations/FeatureDefines.xcconfig: + * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make: + * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make: + * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make: + Pass PlatformArchitecture as a command line parameter to bash scripts. + * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh: + * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: + * JavaScriptCore.vcxproj/build-generated-files.sh: + Use PlatformArchitecture from command line to determine which object directory to use (obj32 or obj64). -2012-05-31 Tim Horton +2013-08-22 Filip Pizlo - Add feature defines for web-facing parts of CSS Regions and Exclusions - https://bugs.webkit.org/show_bug.cgi?id=87442 - + build-jsc --ftl-jit should work + https://bugs.webkit.org/show_bug.cgi?id=120194 - Reviewed by Dan Bernstein. + Reviewed by Oliver Hunt. - * Configurations/FeatureDefines.xcconfig: + * Configurations/Base.xcconfig: CPPFLAGS should include FEATURE_DEFINES + * Configurations/JSC.xcconfig: The 'jsc' tool includes headers where field layout may depend on FEATURE_DEFINES + * Configurations/ToolExecutable.xcconfig: All other tools include headers where field layout may depend on FEATURE_DEFINES + * ftl/FTLLowerDFGToLLVM.cpp: Build fix + (JSC::FTL::LowerDFGToLLVM::compilePutStructure): + (JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure): -2012-05-30 Lucas Forschler +2013-08-23 Oliver Hunt - Merge 118956 + Re-sort xcode project file - 2012-05-30 Oliver Hunt + * JavaScriptCore.xcodeproj/project.pbxproj: - DFG does not correctly handle exceptions caught in the LLInt - https://bugs.webkit.org/show_bug.cgi?id=87885 +2013-08-23 Oliver Hunt - Reviewed by Filip Pizlo. + Support in memory compression of rarely used data + https://bugs.webkit.org/show_bug.cgi?id=120143 - Make the DFG use genericThrow, rather than reimplementing a small portion of it. - Also make the LLInt slow paths validate that their PC is correct. + Reviewed by Gavin Barraclough. - * dfg/DFGOperations.cpp: - * llint/LLIntSlowPaths.cpp: - (LLInt): + Include zlib in LD_FLAGS and make UnlinkedCodeBlock make use of CompressibleVector. This saves ~200k on google maps. -2012-05-30 Lucas Forschler + * Configurations/JavaScriptCore.xcconfig: + * bytecode/UnlinkedCodeBlock.cpp: + (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): + (JSC::UnlinkedCodeBlock::addExpressionInfo): + * bytecode/UnlinkedCodeBlock.h: - Merge 118810 +2013-08-22 Mark Hahnenberg - 2012-05-29 Mark Hahnenberg + JSObject and JSArray code shouldn't have to tiptoe around garbage collection + https://bugs.webkit.org/show_bug.cgi?id=120179 - CopiedSpace::doneCopying could start another collection - https://bugs.webkit.org/show_bug.cgi?id=86538 + Reviewed by Geoffrey Garen. - Reviewed by Geoffrey Garen. + There are many places in the code for JSObject and JSArray where they are manipulating their + Butterfly/Structure, e.g. after expanding their out-of-line backing storage via allocating. Within + these places there are certain "critical sections" where a GC would be disastrous. Gen GC looks + like it will make this dance even more intricate. To make everybody's lives easier we should use + the DeferGC mechanism in these functions to make these GC critical sections both obvious in the + code and trivially safe. Deferring collections will usually only last marginally longer, thus we + should not incur any additional overhead. - It's possible that if we don't have anything at the head of to-space - after a collection and the BlockAllocator doesn't have any fresh blocks - to give us right now we could start another collection while still in - the middle of the first collection when we call CopiedSpace::addNewBlock(). + * heap/Heap.h: + * runtime/JSArray.cpp: + (JSC::JSArray::unshiftCountSlowCase): + * runtime/JSObject.cpp: + (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists): + (JSC::JSObject::createInitialUndecided): + (JSC::JSObject::createInitialInt32): + (JSC::JSObject::createInitialDouble): + (JSC::JSObject::createInitialContiguous): + (JSC::JSObject::createArrayStorage): + (JSC::JSObject::convertUndecidedToArrayStorage): + (JSC::JSObject::convertInt32ToArrayStorage): + (JSC::JSObject::convertDoubleToArrayStorage): + (JSC::JSObject::convertContiguousToArrayStorage): + (JSC::JSObject::increaseVectorLength): + (JSC::JSObject::ensureLengthSlow): + * runtime/JSObject.h: + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::setStructureAndReallocateStorageIfNecessary): + (JSC::JSObject::putDirectWithoutTransition): - One way to resolve this would be to have Heap::shouldCollect() check that - m_operationInProgress is NoOperation. This would prevent the path in - getFreshBlock() that starts the collection if we're already in the middle of one. +2013-08-22 Filip Pizlo - I could not come up with a test case to reproduce this crash on ToT. + Update LLVM binary drops and scripts to the latest version from SVN + https://bugs.webkit.org/show_bug.cgi?id=120184 - * heap/Heap.h: - (JSC::Heap::shouldCollect): We shouldn't collect if we're already in the middle - of a collection, i.e. the current operation should be NoOperation. + Reviewed by Mark Hahnenberg. -2012-05-30 Lucas Forschler + * dfg/DFGPlan.cpp: + (JSC::DFG::Plan::compileInThreadImpl): - Merge +2013-08-22 Gavin Barraclough -2012-05-23 Lucas Forschler + Don't leak registers for redeclared variables + https://bugs.webkit.org/show_bug.cgi?id=120174 - Merge 117860 + Reviewed by Geoff Garen. - 2012-05-21 Michael Saboff + We currently always allocate registers for new global variables, but these are wasted when the variable is being redeclared. + Only allocate new registers when necessary. - Cleanup of Calls to operationStrCat and operationNewArray and Use Constructor after r117729 - https://bugs.webkit.org/show_bug.cgi?id=87027 + No performance impact. - Reviewed by Oliver Hunt. + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + * runtime/Executable.cpp: + (JSC::ProgramExecutable::initializeGlobalProperties): + - Don't allocate the register here. + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::addGlobalVar): + - Allocate the register here instead. - Change calls to operationStrCat and operationNewArray to provide the - pointer to the EncodedJSValue* data buffer instead of the ScratchBuffer - that contains it. Added a ScratchBuffer::create() function. - This is a clean-up to r117729. +2013-08-22 Gavin Barraclough - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/JSGlobalData.h: - (JSC::ScratchBuffer::create): - (JSC::ScratchBuffer::dataBuffer): - (JSC::JSGlobalData::scratchBufferForSize): + https://bugs.webkit.org/show_bug.cgi?id=120128 + Remove putDirectVirtual -2012-05-23 Lucas Forschler + Unreviewed, checked in commented out code. :-( - Merge 117729 + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + - delete commented out code - 2012-05-20 Michael Saboff +2013-08-22 Gavin Barraclough - JSGlobalData ScratchBuffers Are Not Visited During Garbage Collection - https://bugs.webkit.org/show_bug.cgi?id=86553 + Error.stack should not be enumerable + https://bugs.webkit.org/show_bug.cgi?id=120171 - Reviewed by Gavin Barraclough. + Reviewed by Oliver Hunt. - Scratch buffers can contain the only reference to live objects. - Therefore visit scratch buffer contents as conservative roots. - Changed the scratch buffers to be a struct with an "active" - length and the actual buffer. The users of the scratch - buffer emit code where needed to set and clear the active - length as appropriate. During marking, the active count is - used for conservative marking. + Breaks ECMA tests. - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::debugCall): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGThunks.cpp: - (JSC::DFG::osrExitGenerationThunkGenerator): - * heap/Heap.cpp: - (JSC::Heap::markRoots): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::gatherConservativeRoots): - * runtime/JSGlobalData.h: - (JSC::ScratchBuffer::ScratchBuffer): - (ScratchBuffer): - (JSC::ScratchBuffer::allocationSize): - (JSC::ScratchBuffer::setActiveLength): - (JSC::ScratchBuffer::activeLength): - (JSC::ScratchBuffer::activeLengthPtr): - (JSC::ScratchBuffer::dataBuffer): - (JSGlobalData): - (JSC::JSGlobalData::scratchBufferForSize): - -2012-05-21 Lucas Forschler - - Merge 117523 - - 2012-05-17 Filip Pizlo - - Setting array index -1 and looping over array causes bad behavior - https://bugs.webkit.org/show_bug.cgi?id=86733 - - - Reviewed by Oliver Hunt. + * runtime/ErrorInstance.cpp: + (JSC::ErrorInstance::finishCreation): + - None -> DontEnum - * dfg/DFGOperations.cpp: +2013-08-21 Gavin Barraclough -2012-05-21 Lucas Forschler + https://bugs.webkit.org/show_bug.cgi?id=120128 + Remove putDirectVirtual - Merge 117193 + Reviewed by Sam Weinig. - 2012-05-15 Oliver Hunt + This could most generously be described as 'vestigial'. + No performance impact. - Make error information available even if all we have is line number information. - https://bugs.webkit.org/show_bug.cgi?id=86547 + * API/JSObjectRef.cpp: + (JSObjectSetProperty): + - changed to use defineOwnProperty + * debugger/DebuggerActivation.cpp: + * debugger/DebuggerActivation.h: + - remove putDirectVirtual + * interpreter/Interpreter.cpp: + (JSC::Interpreter::execute): + - changed to use defineOwnProperty + * runtime/ClassInfo.h: + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + * runtime/JSObject.h: + * runtime/JSProxy.cpp: + * runtime/JSProxy.h: + * runtime/JSSymbolTableObject.cpp: + * runtime/JSSymbolTableObject.h: + - remove putDirectVirtual + * runtime/PropertyDescriptor.h: + (JSC::PropertyDescriptor::PropertyDescriptor): + - added constructor for convenience - Reviewed by Filip Pizlo. +2013-08-22 Chris Curtis - We don't need expression information to generate useful line, file, and stack information, - so only require that we have line number info available. + errorDescriptionForValue() should not assume error value is an Object + https://bugs.webkit.org/show_bug.cgi?id=119812 - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): - * runtime/Executable.h: - (JSC): + Reviewed by Geoffrey Garen. -2012-05-21 Lucas Forschler + Added a check to make sure that the JSValue was an object before casting it as an object. Also, in case the parameterized JSValue + has no type, the function now returns the empty string. + * runtime/ExceptionHelpers.cpp: + (JSC::errorDescriptionForValue): - Merge 117201 +2013-08-22 Julien Brianceau - 2012-05-15 Mark Hahnenberg + Fix P_DFGOperation_EJS call for MIPS and ARM EABI. + https://bugs.webkit.org/show_bug.cgi?id=120107 - Block freeing thread should not free blocks when we are actively requesting them - https://bugs.webkit.org/show_bug.cgi?id=86519 + Reviewed by Yong Li. - Reviewed by Geoff Garen. + EncodedJSValue parameters must be aligned to even registers for MIPS and ARM EABI. - * heap/BlockAllocator.h: - (JSC::BlockAllocator::allocate): Reordering the setting of the flag so its done - while we hold the lock to ensure proper locking. + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): -2012-05-21 Lucas Forschler +2013-08-21 Commit Queue - Merge 117183 + Unreviewed, rolling out r154416. + http://trac.webkit.org/changeset/154416 + https://bugs.webkit.org/show_bug.cgi?id=120147 - 2012-05-15 Mark Hahnenberg + Broke Windows builds (Requested by rniwa on #webkit). - Block freeing thread should not free blocks when we are actively requesting them - https://bugs.webkit.org/show_bug.cgi?id=86519 + * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make: + * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make: + * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh: + * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make: + * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: + * JavaScriptCore.vcxproj/build-generated-files.sh: - Reviewed by Geoffrey Garen. +2013-08-21 Gavin Barraclough - The block freeing thread shoots us in the foot if it decides to run while we're actively - requesting blocks and returning them. This situation can arise when there is a lot of copying - collection going on in steady state. We allocate a large swath of pages to copy into, then we - return all the newly free old pages to the BlockAllocator. In this state, if the block freeing - thread wakes up in between collections (which is more likely than it waking up during a - collection) and frees half of these pages, they will be needed almost immediately during the - next collection, causing a storm of VM allocations which we know are going to be very slow. + Clarify var/const/function declaration + https://bugs.webkit.org/show_bug.cgi?id=120144 - What we'd like is for when things have quieted down the block freeing thread can then return - memory to the OS. Usually this will be when a page has fully loaded and has a low allocation - rate. In this situation, our opportunistic collections will only be running at least every few - seconds, thus the extra time spent doing VM allocations won't matter nearly as much as, say, - while a page is loading. + Reviewed by Sam Weinig. - * heap/BlockAllocator.cpp: - (JSC::BlockAllocator::BlockAllocator): Initialize our new field. - (JSC::BlockAllocator::blockFreeingThreadMain): We check if we've seen any block requests recently. - If so, reset our flag and go back to sleep. We also don't bother with locking here. If we miss out - on an update, we'll see it when we wake up again. - * heap/BlockAllocator.h: Add new field to track whether or not we've received recent block requests. - (BlockAllocator): - (JSC::BlockAllocator::allocate): If we receive a request for a block, set our field that tracks - that to true. We don't bother locking since we assume that writing to a bool is atomic. + Add methods to JSGlobalObject to declare vars, consts, and functions. -2012-05-15 Lucas Forschler + * runtime/Executable.cpp: + (JSC::ProgramExecutable::initializeGlobalProperties): + * runtime/Executable.h: + - Moved declaration code to JSGlobalObject + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::addGlobalVar): + - internal implementation of addVar, addConst, addFunction + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::addVar): + (JSC::JSGlobalObject::addConst): + (JSC::JSGlobalObject::addFunction): + - Added methods to declare vars, consts, and functions - Merge 116785 +2013-08-21 Yi Shen - 2012-05-11 Sam Weinig + https://bugs.webkit.org/show_bug.cgi?id=119900 + Exception in global setter doesn't unwind correctly - Fix crash seen when running with libgmalloc - - https://bugs.webkit.org/show_bug.cgi?id=86232 + Reviewed by Geoffrey Garen. - Reviewed by Gavin Barraclough. + Call VM_THROW_EXCEPTION_AT_END in op_put_to_scope if the setter throws exception. - * heap/MarkStack.cpp: - (JSC::MarkStackThreadSharedData::markingThreadMain): - Don't delete the SlotVisitor before the ParallelModeEnabler has had a chance to run its - destructor. + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): -2012-05-15 Sam Weinig +2013-08-21 Mark Hahnenberg - ENABLE_IFRAME_SEAMLESS should be turned off on the branch + Rename/refactor setButterfly/setStructure + https://bugs.webkit.org/show_bug.cgi?id=120138 - Reviewed by Andy Estes. + Reviewed by Geoffrey Garen. - * Configurations/FeatureDefines.xcconfig: - Disable ENABLE_IFRAME_SEAMLESS. + setButterfly becomes setStructureAndButterfly. -2012-05-15 Lucas Forschler + Also removed the Butterfly* argument from setStructure and just implicitly + used m_butterfly internally since that's what every single client of setStructure + was doing already. - Merge 116925 + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * runtime/JSObject.cpp: + (JSC::JSObject::notifyPresenceOfIndexedAccessors): + (JSC::JSObject::createInitialUndecided): + (JSC::JSObject::createInitialInt32): + (JSC::JSObject::createInitialDouble): + (JSC::JSObject::createInitialContiguous): + (JSC::JSObject::createArrayStorage): + (JSC::JSObject::convertUndecidedToInt32): + (JSC::JSObject::convertUndecidedToDouble): + (JSC::JSObject::convertUndecidedToContiguous): + (JSC::JSObject::convertUndecidedToArrayStorage): + (JSC::JSObject::convertInt32ToDouble): + (JSC::JSObject::convertInt32ToContiguous): + (JSC::JSObject::convertInt32ToArrayStorage): + (JSC::JSObject::genericConvertDoubleToContiguous): + (JSC::JSObject::convertDoubleToArrayStorage): + (JSC::JSObject::convertContiguousToArrayStorage): + (JSC::JSObject::switchToSlowPutArrayStorage): + (JSC::JSObject::setPrototype): + (JSC::JSObject::putDirectAccessor): + (JSC::JSObject::seal): + (JSC::JSObject::freeze): + (JSC::JSObject::preventExtensions): + (JSC::JSObject::reifyStaticFunctionsForDelete): + (JSC::JSObject::removeDirect): + * runtime/JSObject.h: + (JSC::JSObject::setStructureAndButterfly): + (JSC::JSObject::setStructure): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::setStructureAndReallocateStorageIfNecessary): + (JSC::JSObject::putDirectWithoutTransition): + * runtime/Structure.cpp: + (JSC::Structure::flattenDictionaryStructure): - 2012-05-13 Filip Pizlo +2013-08-21 Gavin Barraclough - DFG performs incorrect constant folding on double-to-uint32 conversion in - Uint32Array PutByVal - https://bugs.webkit.org/show_bug.cgi?id=86330 + https://bugs.webkit.org/show_bug.cgi?id=120127 + Remove JSObject::propertyIsEnumerable - Reviewed by Darin Adler. + Unreviewed typo fix - static_cast(d) is wrong, since JS semantics require us to use toInt32(d). - In particular, C++ casts on typical hardware (like x86 and similar) will - return 0x80000000 for double values that are out of range of the int32 domain - (i.e. less than -2^31 or greater than or equal to 2^31). But JS semantics call - for wrap-around; for example the double value 4294967297 ought to become the - int32 value 1, not 0x80000000. + * runtime/JSObject.h: + - fix typo - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): +2013-08-21 Gavin Barraclough -2012-05-15 Lucas Forschler + https://bugs.webkit.org/show_bug.cgi?id=120139 + PropertyDescriptor argument to define methods should be const - Merge 116809 + Rubber stamped by Sam Weinig. - 2012-05-11 Geoffrey Garen + This should never be modified, and this way we can use rvalues. - Clarified JSGlobalData (JavaScript VM) lifetime - https://bugs.webkit.org/show_bug.cgi?id=85142 + * debugger/DebuggerActivation.cpp: + (JSC::DebuggerActivation::defineOwnProperty): + * debugger/DebuggerActivation.h: + * runtime/Arguments.cpp: + (JSC::Arguments::defineOwnProperty): + * runtime/Arguments.h: + * runtime/ClassInfo.h: + * runtime/JSArray.cpp: + (JSC::JSArray::defineOwnProperty): + * runtime/JSArray.h: + * runtime/JSArrayBuffer.cpp: + (JSC::JSArrayBuffer::defineOwnProperty): + * runtime/JSArrayBuffer.h: + * runtime/JSArrayBufferView.cpp: + (JSC::JSArrayBufferView::defineOwnProperty): + * runtime/JSArrayBufferView.h: + * runtime/JSCell.cpp: + (JSC::JSCell::defineOwnProperty): + * runtime/JSCell.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::defineOwnProperty): + * runtime/JSFunction.h: + * runtime/JSGenericTypedArrayView.h: + * runtime/JSGenericTypedArrayViewInlines.h: + (JSC::::defineOwnProperty): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::defineOwnProperty): + * runtime/JSGlobalObject.h: + * runtime/JSObject.cpp: + (JSC::JSObject::putIndexedDescriptor): + (JSC::JSObject::defineOwnIndexedProperty): + (JSC::putDescriptor): + (JSC::JSObject::defineOwnNonIndexProperty): + (JSC::JSObject::defineOwnProperty): + * runtime/JSObject.h: + * runtime/JSProxy.cpp: + (JSC::JSProxy::defineOwnProperty): + * runtime/JSProxy.h: + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::defineOwnProperty): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::defineOwnProperty): + * runtime/RegExpObject.h: + * runtime/StringObject.cpp: + (JSC::StringObject::defineOwnProperty): + * runtime/StringObject.h: + - make PropertyDescriptor const - Reviewed by Alexey Proskuryakov. +2013-08-21 Filip Pizlo - (Follow-up fix.) + REGRESSION: Crash under JITCompiler::link while loading Gmail + https://bugs.webkit.org/show_bug.cgi?id=119872 - * API/JSContextRef.cpp: - (JSGlobalContextCreate): Restored some code I removed because I misread an #ifdef. - (We don't need to test BUILDING_ON_LEOPARD, but we still need the linked-on - test, because apps might have been linked on older OS's.) + Reviewed by Mark Hahnenberg. + + Apparently, unsigned + signed = unsigned. Work around it with a cast. -2012-05-15 Lucas Forschler + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): - Merge 116813 +2013-08-21 Alex Christensen - 2012-05-11 Filip Pizlo + Separating Win32 and Win64 builds. - JIT memory allocator is not returning memory to the OS on Darwin - https://bugs.webkit.org/show_bug.cgi?id=86047 + Reviewed by Brent Fulgham. - Reviewed by Geoff Garen. + * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make: + * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make: + * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make: + Pass PlatformArchitecture as a command line parameter to bash scripts. + * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh: + * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: + * JavaScriptCore.vcxproj/build-generated-files.sh: + Use PlatformArchitecture from command line to determine which object directory to use (obj32 or obj64). - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree): +2013-08-21 Filip Pizlo -2012-05-15 Lucas Forschler + Assertion failure in JSC::SlotVisitor::copyLater when marking JSDataView + https://bugs.webkit.org/show_bug.cgi?id=120099 - Merge 116593 + Reviewed by Mark Hahnenberg. + + JSDataView should not store the ArrayBuffer* in the butterfly indexing header, since + JSDataView may have ordinary JS indexed properties. - 2012-05-09 Filip Pizlo + * runtime/ClassInfo.h: + * runtime/JSArrayBufferView.cpp: + (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): + (JSC::JSArrayBufferView::finishCreation): + * runtime/JSArrayBufferView.h: + (JSC::hasArrayBuffer): + * runtime/JSArrayBufferViewInlines.h: + (JSC::JSArrayBufferView::buffer): + (JSC::JSArrayBufferView::neuter): + (JSC::JSArrayBufferView::byteOffset): + * runtime/JSCell.cpp: + (JSC::JSCell::slowDownAndWasteMemory): + * runtime/JSCell.h: + * runtime/JSDataView.cpp: + (JSC::JSDataView::JSDataView): + (JSC::JSDataView::create): + (JSC::JSDataView::slowDownAndWasteMemory): + * runtime/JSDataView.h: + (JSC::JSDataView::buffer): + * runtime/JSGenericTypedArrayView.h: + * runtime/JSGenericTypedArrayViewInlines.h: + (JSC::::visitChildren): + (JSC::::slowDownAndWasteMemory): - JIT memory allocator is not returning memory to the OS on Darwin - https://bugs.webkit.org/show_bug.cgi?id=86047 - +2013-08-21 Mark Hahnenberg - Reviewed by Geoff Garen. + Remove incorrect ASSERT from CopyVisitor::visitItem - Work around the problem by using a different madvise() flag, but only for the JIT memory - allocator. Also put in ASSERTs that the call is actually working. + Rubber stamped by Filip Pizlo. - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::FixedVMPoolExecutableAllocator::notifyNeedPage): - (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree): + * heap/CopyVisitorInlines.h: + (JSC::CopyVisitor::visitItem): -2012-05-15 Lucas Forschler +2013-08-21 Gavin Barraclough - Merge 116565 + https://bugs.webkit.org/show_bug.cgi?id=120127 + Remove JSObject::propertyIsEnumerable - 2012-05-09 Mark Hahnenberg + Reviewed by Sam Weinig. - CopiedSpace does not add pinned blocks back to the to-space filter - https://bugs.webkit.org/show_bug.cgi?id=86011 + This method is just a wart - it contains unnecessary const-casting, function call overhead, and LOC. - Reviewed by Geoffrey Garen. + * runtime/JSObject.cpp: + * runtime/JSObject.h: + - remove propertyIsEnumerable + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncPropertyIsEnumerable): + - Move implementation here using getOwnPropertyDescriptor directly. - After a collection has finished, we go through the blocks in from-space - and move any of them that are pinned into to-space. At the beginning of - collection, we reset the to-space block filter that is used during - conservative scanning and add back the blocks that are filled during the - collection. However, we neglect to add back those blocks that are moved - from from-space to to-space, which can cause the conservative scan to - think that some pinned items are not actually in CopiedSpace. +2013-08-20 Filip Pizlo - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the - to-space filter. Also added a comment and assert for future readers that - indicates that it's okay that we don't also add the block to the - to-space block set since it was never removed. + DFG should inline new typedArray() + https://bugs.webkit.org/show_bug.cgi?id=120022 -2012-05-15 Lucas Forschler + Reviewed by Oliver Hunt. + + Adds inlining of typed array allocations in the DFG. Any operation of the + form: + + new foo(blah) + + or: + + foo(blah) + + where 'foo' is a typed array constructor and 'blah' is exactly one argument, + is turned into the NewTypedArray intrinsic. Later, of child1 (i.e. 'blah') + is predicted integer, we generate inline code for an allocation. Otherwise + it turns into a call to an operation that behaves like the constructor would + if it was passed one argument (i.e. it may wrap a buffer or it may create a + copy or another array, or it may allocate an array of that length). - Merge 116484 + * bytecode/SpeculatedType.cpp: + (JSC::speculationFromTypedArrayType): + (JSC::speculationFromClassInfo): + * bytecode/SpeculatedType.h: + * dfg/DFGAbstractInterpreterInlines.h: + (JSC::DFG::::executeEffects): + * dfg/DFGBackwardsPropagationPhase.cpp: + (JSC::DFG::BackwardsPropagationPhase::propagate): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor): + (JSC::DFG::ByteCodeParser::handleConstantInternalFunction): + * dfg/DFGCCallHelpers.h: + (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::putStructureStoreElimination): + * dfg/DFGClobberize.h: + (JSC::DFG::clobberize): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + * dfg/DFGGraph.cpp: + (JSC::DFG::Graph::dump): + * dfg/DFGNode.h: + (JSC::DFG::Node::hasTypedArrayType): + (JSC::DFG::Node::typedArrayType): + * dfg/DFGNodeType.h: + * dfg/DFGOperations.cpp: + (JSC::DFG::newTypedArrayWithSize): + (JSC::DFG::newTypedArrayWithOneArgument): + * dfg/DFGOperations.h: + (JSC::DFG::operationNewTypedArrayWithSizeForType): + (JSC::DFG::operationNewTypedArrayWithOneArgumentForType): + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSafeToExecute.h: + (JSC::DFG::safeToExecute): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileNewTypedArray): + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * jit/JITOpcodes.cpp: + (JSC::JIT::emit_op_new_object): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::emit_op_new_object): + * runtime/JSArray.h: + (JSC::JSArray::allocationSize): + * runtime/JSArrayBufferView.h: + (JSC::JSArrayBufferView::allocationSize): + * runtime/JSGenericTypedArrayViewConstructorInlines.h: + (JSC::constructGenericTypedArrayView): + * runtime/JSObject.h: + (JSC::JSFinalObject::allocationSize): + * runtime/TypedArrayType.cpp: + (JSC::constructorClassInfoForType): + * runtime/TypedArrayType.h: + (JSC::indexToTypedArrayType): - 2012-05-08 Mark Hahnenberg +2013-08-21 Julien Brianceau - Heap should not continually allocate new pages in steady state - https://bugs.webkit.org/show_bug.cgi?id=85936 + Fix V_DFGOperation_EJPP signature in DFG. - Reviewed by Geoff Garen. + Reviewed by Geoffrey Garen. - Currently, in steady state (i.e. a constant amount of live GC - memory with a constant rate of allocation) assuming we've just - finished a collection with X live blocks in CopiedSpace, we - increase our working set by X blocks in CopiedSpace with each - collection we perform. This is due to the fact that we allocate - until we run out of free blocks to use in the Heap before we - consider whether we should run a collection. + * dfg/DFGOperations.h: - In the longer term, this issue will be mostly resolved by - implementing quick release for the CopiedSpace. In the shorter - term, we should change our policy to check whether we should - allocate before trying to use a free block from the Heap. We - can change our policy to something more appropriate once we - have implemented quick release. +2013-08-20 Gavin Barraclough - This change should also have the convenient side effect of - reducing the variance in GC-heavy tests (e.g. v8-splay) due - to fact that we are doing less VM allocation during copying - collection. Overall, this patch is performance neutral across - the benchmarks we track. + https://bugs.webkit.org/show_bug.cgi?id=120093 + Remove getOwnPropertyDescriptor trap - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator - around so that we only do it if the block request must succeed - i.e. after we've already checked whether we should do a collection. - * heap/MarkedAllocator.cpp: - (JSC::MarkedAllocator::allocateSlowCase): Ditto. - (JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this - function because by the time we've called it, we've already checked whether we - should run a collection so there's no point in returning null. - * heap/MarkedAllocator.h: Removing old arguments from function declaration. - (MarkedAllocator): + Reviewed by Geoff Garen. -2012-05-15 Lucas Forschler + All implementations of this method are now called via the method table, and equivalent in behaviour. + Remove all duplicate implementations (and the method table trap), and add a single member function implementation on JSObject. - Merge 116372 + * API/JSCallbackObject.h: + * API/JSCallbackObjectFunctions.h: + * debugger/DebuggerActivation.cpp: + * debugger/DebuggerActivation.h: + * runtime/Arguments.cpp: + * runtime/Arguments.h: + * runtime/ArrayConstructor.cpp: + * runtime/ArrayConstructor.h: + * runtime/ArrayPrototype.cpp: + * runtime/ArrayPrototype.h: + * runtime/BooleanPrototype.cpp: + * runtime/BooleanPrototype.h: + - remove getOwnPropertyDescriptor + * runtime/ClassInfo.h: + - remove getOwnPropertyDescriptor from MethodTable + * runtime/DateConstructor.cpp: + * runtime/DateConstructor.h: + * runtime/DatePrototype.cpp: + * runtime/DatePrototype.h: + * runtime/ErrorPrototype.cpp: + * runtime/ErrorPrototype.h: + * runtime/JSActivation.cpp: + * runtime/JSActivation.h: + * runtime/JSArray.cpp: + * runtime/JSArray.h: + * runtime/JSArrayBuffer.cpp: + * runtime/JSArrayBuffer.h: + * runtime/JSArrayBufferView.cpp: + * runtime/JSArrayBufferView.h: + * runtime/JSCell.cpp: + * runtime/JSCell.h: + * runtime/JSDataView.cpp: + * runtime/JSDataView.h: + * runtime/JSDataViewPrototype.cpp: + * runtime/JSDataViewPrototype.h: + * runtime/JSFunction.cpp: + * runtime/JSFunction.h: + * runtime/JSGenericTypedArrayView.h: + * runtime/JSGenericTypedArrayViewInlines.h: + * runtime/JSGlobalObject.cpp: + * runtime/JSGlobalObject.h: + * runtime/JSNotAnObject.cpp: + * runtime/JSNotAnObject.h: + * runtime/JSONObject.cpp: + * runtime/JSONObject.h: + - remove getOwnPropertyDescriptor + * runtime/JSObject.cpp: + (JSC::JSObject::propertyIsEnumerable): + - switch to call new getOwnPropertyDescriptor member function + (JSC::JSObject::getOwnPropertyDescriptor): + - new, based on imlementation from GET_OWN_PROPERTY_DESCRIPTOR_IMPL + (JSC::JSObject::defineOwnNonIndexProperty): + - switch to call new getOwnPropertyDescriptor member function + * runtime/JSObject.h: + * runtime/JSProxy.cpp: + * runtime/JSProxy.h: + * runtime/NamePrototype.cpp: + * runtime/NamePrototype.h: + * runtime/NumberConstructor.cpp: + * runtime/NumberConstructor.h: + * runtime/NumberPrototype.cpp: + * runtime/NumberPrototype.h: + - remove getOwnPropertyDescriptor + * runtime/ObjectConstructor.cpp: + (JSC::objectConstructorGetOwnPropertyDescriptor): + (JSC::objectConstructorSeal): + (JSC::objectConstructorFreeze): + (JSC::objectConstructorIsSealed): + (JSC::objectConstructorIsFrozen): + - switch to call new getOwnPropertyDescriptor member function + * runtime/ObjectConstructor.h: + - remove getOwnPropertyDescriptor + * runtime/PropertyDescriptor.h: + - remove GET_OWN_PROPERTY_DESCRIPTOR_IMPL + * runtime/RegExpConstructor.cpp: + * runtime/RegExpConstructor.h: + * runtime/RegExpMatchesArray.cpp: + * runtime/RegExpMatchesArray.h: + * runtime/RegExpObject.cpp: + * runtime/RegExpObject.h: + * runtime/RegExpPrototype.cpp: + * runtime/RegExpPrototype.h: + * runtime/StringConstructor.cpp: + * runtime/StringConstructor.h: + * runtime/StringObject.cpp: + * runtime/StringObject.h: + - remove getOwnPropertyDescriptor - 2012-05-07 Oliver Hunt +2013-08-20 Mark Hahnenberg - Rolling out r110287 + Flattening a dictionary can cause CopiedSpace corruption - RS=Filip Pizlo + Reviewed by Oliver Hunt. - r110287 was meant to be refactoring only, but changed behavior - enough to break some websites, including qq.com. + When we flatten an object in dictionary mode, we compact its properties. If the object + had out-of-line storage in the form of a Butterfly prior to this compaction, and after + compaction its properties fit inline, the object's Structure "forgets" that the object + has a non-zero Butterfly pointer. During GC, we check the Butterfly and reportLiveBytes + with bytes = 0, which causes all sorts of badness in CopiedSpace. -2012-05-15 Lucas Forschler + Instead, after we flatten a dictionary, if properties fit inline we should clear the + Butterfly pointer so that the GC doesn't get confused later. - Merge 116363 + This patch does this clearing, and it also adds JSObject::checkStructure, which overrides + JSCell::checkStructure to add an ASSERT that makes sure that the Structure being assigned + agrees with the whether or not the object has a Butterfly. Also added an ASSERT to check + that the number of bytes reported to SlotVisitor::copyLater is non-zero. - 2012-05-07 Oliver Hunt + * heap/SlotVisitorInlines.h: + (JSC::SlotVisitor::copyLater): + * runtime/JSObject.cpp: + (JSC::JSObject::notifyPresenceOfIndexedAccessors): + (JSC::JSObject::convertUndecidedToInt32): + (JSC::JSObject::convertUndecidedToDouble): + (JSC::JSObject::convertUndecidedToContiguous): + (JSC::JSObject::convertInt32ToDouble): + (JSC::JSObject::convertInt32ToContiguous): + (JSC::JSObject::genericConvertDoubleToContiguous): + (JSC::JSObject::switchToSlowPutArrayStorage): + (JSC::JSObject::setPrototype): + (JSC::JSObject::putDirectAccessor): + (JSC::JSObject::seal): + (JSC::JSObject::freeze): + (JSC::JSObject::preventExtensions): + (JSC::JSObject::reifyStaticFunctionsForDelete): + (JSC::JSObject::removeDirect): + * runtime/JSObject.h: + (JSC::JSObject::setButterfly): + (JSC::JSObject::putDirectInternal): + (JSC::JSObject::setStructure): + (JSC::JSObject::setStructureAndReallocateStorageIfNecessary): + * runtime/Structure.cpp: + (JSC::Structure::flattenDictionaryStructure): - Fix release build. +2013-08-20 Alex Christensen - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): + Compile fix for Win64 after r154156. -2012-05-15 Lucas Forschler + Rubber stamped by Oliver Hunt. - Merge 116361 + * jit/JITStubsMSVC64.asm: + Renamed ctiVMThrowTrampolineSlowpath to ctiVMHandleException and + cti_vm_throw_slowpath to cti_vm_handle_exception. - 2012-05-07 Oliver Hunt +2013-08-20 Alex Christensen - LLInt doesn't check for Ropes when performing a character switch - https://bugs.webkit.org/show_bug.cgi?id=85837 + More work towards a Win64 build - Reviewed by Filip Pizlo. + Reviewed by Brent Fulgham. - Make LLint check if the scrutinee of a char switch is a rope, and if - so fall back to a slow case. + * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make: + * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make: + * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make: + * JavaScriptCore.vcxproj/copy-files.cmd: + * JavaScriptCore.vcxproj/jsc/jscCommon.props: + * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: + Use PlatformArchitecture macro instead of bin32, lib32, and obj32. - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (LLInt): - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: +2013-08-20 Mark Hahnenberg -2012-05-15 Lucas Forschler + Concurrent JIT crashes in various fast/js/dfg-* tests while the main thread is setting innerHTML - Merge 116367 + Reviewed by Geoffrey Garen. - 2012-05-07 Andy Estes + More fixes for WriteBarrier deferral during concurrent JIT-ing. This patch makes the use of DesiredWriteBarriers class and the + initializeLazyWriteBarrierFor* wrapper functions more sane. - ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES. + Refactored DesiredWriteBarrier to require an owner, a type, a CodeBlock, and an index. The type indicates how to use the CodeBlock + and index when triggering the WriteBarrier at the end of compilation. - * Configurations/FeatureDefines.xcconfig: + The client code of initializeLazy* is now responsible for creating the WriteBarrier that will be initialized as well as passing + in the relevant index to be used at the end of compilation. Things were kind of muddled before in that one function did a + little extra work that really shouldn't have been its responsibility. -2012-05-15 Lucas Forschler + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addConstant): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * dfg/DFGDesiredWriteBarriers.cpp: + (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier): + (JSC::DFG::DesiredWriteBarrier::trigger): + * dfg/DFGDesiredWriteBarriers.h: + (JSC::DFG::DesiredWriteBarriers::add): + (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable): + (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee): + (JSC::DFG::initializeLazyWriteBarrierForConstant): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::truncateConstantToInt32): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::constantRegisterForConstant): - Merge 116356 +2013-08-20 Michael Saboff - 2012-05-07 Eric Seidel + https://bugs.webkit.org/show_bug.cgi?id=120075 + REGRESSION (r128400): BBC4 website not displaying pictures - Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed - https://bugs.webkit.org/show_bug.cgi?id=85822 + Reviewed by Oliver Hunt. - Reviewed by Adam Barth. + * runtime/RegExpMatchesArray.h: + (JSC::RegExpMatchesArray::createStructure): Changed the array IndexingType to be ArrayWithSlowPutArrayStorage + so that the match results will be reified before any other modification to the results array. - * Configurations/FeatureDefines.xcconfig: +2013-08-19 Filip Pizlo -2012-05-04 Filip Pizlo + Incorrect behavior on emscripten-compiled cube2hash + https://bugs.webkit.org/show_bug.cgi?id=120033 - DFG should not Flush GetLocal's - https://bugs.webkit.org/show_bug.cgi?id=85663 - + Reviewed by Mark Hahnenberg. + + If PutClosureVar is may-aliased to another PutClosureVar or GetClosureVar + then we should bail attempts to CSE. - Reviewed by Oliver Hunt. + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::scopedVarLoadElimination): + (JSC::DFG::CSEPhase::scopedVarStoreElimination): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::flushArgument): - (JSC::DFG::ByteCodeParser::handleCall): +2013-08-20 Gavin Barraclough -2012-05-04 Allan Sandfeld Jensen + https://bugs.webkit.org/show_bug.cgi?id=120073 + Remove use of GOPD from JSFunction::defineProperty - Doesn't build with ENABLE_JIT=0 - https://bugs.webkit.org/show_bug.cgi?id=85042 + Reviewed by Oliver Hunt. - Reviewed by Gavin Barraclough. + Call getOwnPropertySlot to check for existing properties instead. - * bytecode/Operands.h: + * runtime/JSFunction.cpp: + (JSC::JSFunction::defineOwnProperty): + - getOwnPropertyDescriptor -> getOwnPropertySlot -2012-05-03 Oliver Hunt +2013-08-20 Gavin Barraclough - Regression(r114702): Clobbering the caller frame register before we've stored it. - https://bugs.webkit.org/show_bug.cgi?id=85564 + https://bugs.webkit.org/show_bug.cgi?id=120067 + Remove getPropertyDescriptor - Reviewed by Filip Pizlo. + Reviewed by Oliver Hunt. - Don't use t0 as a temporary, when we're about to use the value in t0. + This is used by lookupGetter/lookupSetter - this can easily bee replaced by getPropertySlot. + Since we'll be getting the GetterSetter from the slot in the setter case, rename isGetter() to isAccessor(). - * llint/LowLevelInterpreter32_64.asm: + * runtime/JSObject.cpp: + * runtime/JSObject.h: + - remove getPropertyDescriptor + * runtime/ObjectPrototype.cpp: + (JSC::objectProtoFuncLookupGetter): + (JSC::objectProtoFuncLookupSetter): + - replace call to getPropertyDescriptor with getPropertySlot + * runtime/PropertyDescriptor.h: + * runtime/PropertySlot.h: + (JSC::PropertySlot::isAccessor): + (JSC::PropertySlot::isCacheableGetter): + (JSC::PropertySlot::getterSetter): + - rename isGetter() to isAccessor() -2012-05-03 Mark Hahnenberg +2013-08-20 Gavin Barraclough - Removing remainder of accidental printfs. + https://bugs.webkit.org/show_bug.cgi?id=120054 + Remove some dead code following getOwnPropertyDescriptor cleanup - * heap/Heap.cpp: - (JSC::Heap::collect): + Reviewed by Oliver Hunt. -2012-05-03 Andy Estes + * runtime/Lookup.h: + (JSC::getStaticFunctionSlot): + - remove getStaticPropertyDescriptor, getStaticFunctionDescriptor, getStaticValueDescriptor. - If you add printf()s to your garbage collector, the layout tests are gonna have a bad time. +2013-08-20 Gavin Barraclough - * runtime/GCActivityCallbackCF.cpp: - (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): + https://bugs.webkit.org/show_bug.cgi?id=120052 + Remove custom getOwnPropertyDescriptor for JSProxy -2012-05-03 Mark Hahnenberg + Reviewed by Geoff Garen. - Heap::reportAbandonedObjectGraph should not hasten an allocation-triggered collection - https://bugs.webkit.org/show_bug.cgi?id=85543 + GET_OWN_PROPERTY_DESCRIPTOR_IMPL runs afoul with JSProxy due to the workaround for JSDOMWindow's broken behavior. + Because the window object incorrectly searches the prototype chain in getOwnPropertySlot we check that the base + object matches, but in the case of JSProxy we can end up comparing the window object to the window shell & falsely + assuming this is a prototype property. Add toThis conversion to correctly identify proxied own access. I've kept + the original slotBase check as a fast case, and also so that direct access on JSDOMWindow still works. - Reviewed by Filip Pizlo. + * runtime/JSProxy.cpp: + - Remove custom getOwnPropertyDescriptor implementation. + * runtime/PropertyDescriptor.h: + - Modify own property access check to perform toThis conversion. - Currently reportAbandonedObjectGraph causes the Heap to think it is closer to its - allocation limit for the current cycle, thus hastening an allocation-triggered collection. - In reality, it should just affect the opportunistic GC timer. We should track the bytes - we think have been abandoned and the bytes that have been allocated separately. +2013-08-20 Alex Christensen - * heap/Heap.cpp: Added a new field m_abandonedBytes to Heap to keep track of how much - we think we've abandoned. - (JSC::Heap::Heap): - (JSC::Heap::reportAbandonedObjectGraph): - (JSC): - (JSC::Heap::didAbandon): Added this function for reportAbandonedObjectGraph to call - rather than didAllocate. Works the same as didAllocate, but modifies bytes abandoned rather - than bytes allocated. Also notifies the timer, summing the two values together. - (JSC::Heap::collect): - (JSC::Heap::didAllocate): Now adds the bytes allocated and bytes abandoned when reporting - to GCActivityCallback. - * heap/Heap.h: - (Heap): + Use PlatformArchitecture to distinguish between 32-bit and 64-bit builds on Windows. + https://bugs.webkit.org/show_bug.cgi?id=119512 -2012-05-02 Eric Seidel + Reviewed by Brent Fulgham. - Sort ENABLE_ defines in FeatureDefines.xcconfig files to make them easier to compare with one another (and easier to autogenerate) - https://bugs.webkit.org/show_bug.cgi?id=85433 + * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: + * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: + * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props: + * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj: + * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj: + * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj: + * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props: + Replaced obj32, bin32, and lib32 with macros for 64-bit build. - Reviewed by Adam Barth. +2013-08-20 Julien Brianceau - I have a script which can autogenerate these xcconfig files as well as the - vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists - from a central feature list file. - In preparation for posting such a tool, I'm re-sorting these xcconfig files to be - alphabetically ordered (currently they're close, but not quite). - There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which - I will fix in a second pass. I will also sort the FEATURE_DEFINES = line in a follow-up patch. + Missing ensureSpace call in sh4 baseline JIT. - * Configurations/FeatureDefines.xcconfig: + Reviewed by Allan Sandfeld Jensen. -2012-05-02 Hojong Han + branchPtrWithPatch() of baseline JIT must ensure that space is available for its + instructions and two constants now DFG is enabled for sh4 architecture. + These missing ensureSpace calls lead to random crashes. - ARM_TRADITIONAL build fix - https://bugs.webkit.org/show_bug.cgi?id=85358 + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::branchPtrWithPatch): - Reviewed by Gavin Barraclough. +2013-08-19 Gavin Barraclough - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::lshift32): - (MacroAssemblerARM): - (JSC::MacroAssemblerARM::or32): - (JSC::MacroAssemblerARM::urshift32): - (JSC::MacroAssemblerARM::xor32): - (JSC::MacroAssemblerARM::branchSub32): + https://bugs.webkit.org/show_bug.cgi?id=120034 + Remove custom getOwnPropertyDescriptor for global objects -2012-05-02 Mark Hahnenberg + Reviewed by Geoff Garen. - Opportunistic GC should give up if the Heap is paged out - https://bugs.webkit.org/show_bug.cgi?id=85411 + Fix attributes of JSC SynbolTableObject entries, ensure that cross frame access is safe, and suppress prototype chain walk. - Reviewed by Filip Pizlo. + * runtime/JSGlobalObject.cpp: + - Remove custom getOwnPropertyDescriptor implementation. + * runtime/JSSymbolTableObject.h: + (JSC::symbolTableGet): + - The symbol table does not store the DontDelete attribute, we should be adding it back in. + * runtime/PropertyDescriptor.h: + - JSDOMWindow walks the prototype chain on own access. This is bad, but for now workaround for the getOwnPropertyDescriptor case. + * runtime/PropertySlot.h: + (JSC::PropertySlot::setUndefined): + - This is used by WebCore when blocking access to properties on cross-frame access. + Mark blocked properties as read-only, non-configurable to prevent defineProperty. - Opportunistic GC is punishing us severely in limited memory situations because its - assumptions about how much time a collection will take are way out of whack when the Heap - has been paged out by the OS. We should add a simple detection function to the Heap that - detects if its is paged out. It will do this by iterating each block of both the MarkedSpace - and CopiedSpace. If that operation takes longer than a fixed amount of time (e.g. 100ms), - the function returns true. This function will only be run prior to an opportunistic - collection (i.e. it will not run during our normal allocation-triggered collections). +2013-08-17 Filip Pizlo - In my tests, steady state was drastically improved in high memory pressure situations (i.e. - the browser was still usable, significant reduction in SPODs). Occasionally, a normal GC - would be triggered due to pages doing things in the background, which would cause a - significant pause. As we close pages we now cause normal collections rather than full - collections, which prevents us from collecting all of the dead memory immediately. One - nice way to deal with this issue might be to do incremental sweeping. + DFG should inline typedArray.byteOffset + https://bugs.webkit.org/show_bug.cgi?id=119962 + Reviewed by Oliver Hunt. + + This adds a new node, GetTypedArrayByteOffset, which inlines + typedArray.byteOffset. + + Also, I improved a bunch of the clobbering logic related to typed arrays + and clobbering in general. For example, PutByOffset/PutStructure are not + clobber-world so they can be handled by most default cases in CSE. Also, + It's better to use the 'Class_field' notation for typed arrays now that + they no longer involve magical descriptor thingies. - * heap/CopiedSpace.cpp: - (JSC::isBlockListPagedOut): Helper function to reduce code duplication when iterating over - to-space, from-space, and the oversize blocks. - (JSC): - (JSC::CopiedSpace::isPagedOut): Tries to determine whether or not CopiedSpace is paged out - by iterating all of the blocks. - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/Heap.cpp: - (JSC::Heap::isPagedOut): Tries to determine whether the Heap is paged out by asking the - MarkedSpace and CopiedSpace if they are paged out. - (JSC): - * heap/Heap.h: - (Heap): - (JSC::Heap::increaseLastGCLength): Added this so that the GC timer can linearly back off - each time it determines that the Heap is paged out. - * heap/MarkedAllocator.cpp: - (JSC::MarkedAllocator::isPagedOut): Tries to determine if this particular MarkedAllocator's - list of blocks are paged out. - (JSC): - * heap/MarkedAllocator.h: - (MarkedAllocator): - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::isPagedOut): For each MarkedAllocator, check to see if they're paged out. - * heap/MarkedSpace.h: - (MarkedSpace): - * runtime/GCActivityCallback.cpp: - (JSC::DefaultGCActivityCallback::cancel): - (JSC): - * runtime/GCActivityCallback.h: - (JSC::GCActivityCallback::cancel): - (DefaultGCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: Added a constant of 100ms for the timeout in determining - whether the Heap is paged out or not. - (JSC): - (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): Added the check to see if we - should attempt a collection based on whether or not we can iterate the blocks of the Heap in - 100ms. If we can't, we cancel the timer and tell the Heap we just wasted 100ms more trying to - do a collection. This gives us a nice linear backoff so we're not constantly re-trying in - steady state paged-out-ness. - (JSC::DefaultGCActivityCallback::cancel): Added this function which, while currently doing - exactly the same thing as willCollect, is more obvious as to what it's doing when we call it - in timerDidFire. + * bytecode/SpeculatedType.h: + * dfg/DFGAbstractHeap.h: + * dfg/DFGAbstractInterpreterInlines.h: + (JSC::DFG::::executeEffects): + * dfg/DFGArrayMode.h: + (JSC::DFG::neverNeedsStorage): + * dfg/DFGCSEPhase.cpp: + (JSC::DFG::CSEPhase::getByValLoadElimination): + (JSC::DFG::CSEPhase::getByOffsetLoadElimination): + (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::checkArrayElimination): + (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): + (JSC::DFG::CSEPhase::getTypedArrayByteOffsetLoadElimination): + (JSC::DFG::CSEPhase::performNodeCSE): + * dfg/DFGClobberize.h: + (JSC::DFG::clobberize): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteLength): + (JSC::DFG::FixupPhase::convertToGetArrayLength): + (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteOffset): + * dfg/DFGNodeType.h: + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSafeToExecute.h: + (JSC::DFG::safeToExecute): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffset): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGTypeCheckHoistingPhase.cpp: + (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks): + * runtime/ArrayBuffer.h: + (JSC::ArrayBuffer::offsetOfData): + * runtime/Butterfly.h: + (JSC::Butterfly::offsetOfArrayBuffer): + * runtime/IndexingHeader.h: + (JSC::IndexingHeader::offsetOfArrayBuffer): -2012-05-02 Yong Li +2013-08-18 Filip Pizlo - Fix GCC X86 build error - https://bugs.webkit.org/show_bug.cgi?id=85379 + DFG new Array() inlining could get confused about global objects - Reviewed by Rob Buis. + Reviewed by Geoffrey Garen. - Always explicitly claim ".text" to make sure - functions defined with inline assembly will be - created in the correct section. + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::handleConstantInternalFunction): - * dfg/DFGOperations.cpp: - (JSC): +2013-08-18 Gavin Barraclough -2012-05-02 Oliver Hunt + https://bugs.webkit.org/show_bug.cgi?id=119995 + Start removing custom implementations of getOwnPropertyDescriptor - Unreviewed, rolling out r115388. - http://trac.webkit.org/changeset/115388 - https://bugs.webkit.org/show_bug.cgi?id=85011 + Reviewed by Oliver Hunt. - This caused many weird performance problems, and needs to be - landed in pieces. + This can now typically implemented in terms of getOwnPropertySlot. + Add a macro to PropertyDescriptor to define an implementation of GOPD in terms of GOPS. + Switch over most classes in JSC & the WebCore bindings generator to use this. - * dfg/DFGOperations.cpp: - * heap/Heap.cpp: - (JSC::Heap::getConservativeRegisterRoots): - (JSC::Heap::markRoots): - * interpreter/CallFrame.cpp: - (JSC::CallFrame::dumpCaller): - (JSC): - * interpreter/CallFrame.h: - (JSC::ExecState::init): - (ExecState): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - (JSC::Interpreter::executeCall): - (JSC::Interpreter::executeConstruct): - (JSC::Interpreter::prepareForRepeatCall): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC::Interpreter::execute): - * interpreter/RegisterFile.cpp: - (JSC::RegisterFile::growSlowCase): - (JSC::RegisterFile::gatherConservativeRoots): - * interpreter/RegisterFile.h: - (JSC::RegisterFile::end): - (JSC::RegisterFile::size): - (JSC::RegisterFile::addressOfEnd): - (RegisterFile): - (JSC::RegisterFile::RegisterFile): - (JSC::RegisterFile::shrink): - (JSC::RegisterFile::grow): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - (JSC::jitCompileFor): - (JSC::lazyLinkFor): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::handleHostCall): - * llint/LowLevelInterpreter.asm: - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::arityCheckFor): + * API/JSCallbackObjectFunctions.h: + * debugger/DebuggerActivation.cpp: + * runtime/Arguments.cpp: + * runtime/ArrayConstructor.cpp: + * runtime/ArrayPrototype.cpp: + * runtime/BooleanPrototype.cpp: + * runtime/DateConstructor.cpp: + * runtime/DatePrototype.cpp: + * runtime/ErrorPrototype.cpp: + * runtime/JSActivation.cpp: + * runtime/JSArray.cpp: + * runtime/JSArrayBuffer.cpp: + * runtime/JSArrayBufferView.cpp: + * runtime/JSCell.cpp: + * runtime/JSDataView.cpp: + * runtime/JSDataViewPrototype.cpp: + * runtime/JSFunction.cpp: + * runtime/JSGenericTypedArrayViewInlines.h: + * runtime/JSNotAnObject.cpp: + * runtime/JSONObject.cpp: + * runtime/JSObject.cpp: + * runtime/NamePrototype.cpp: + * runtime/NumberConstructor.cpp: + * runtime/NumberPrototype.cpp: + * runtime/ObjectConstructor.cpp: + - Implement getOwnPropertySlot in terms of GET_OWN_PROPERTY_DESCRIPTOR_IMPL. + * runtime/PropertyDescriptor.h: + - Added GET_OWN_PROPERTY_DESCRIPTOR_IMPL macro. + * runtime/PropertySlot.h: + (JSC::PropertySlot::isValue): + (JSC::PropertySlot::isGetter): + (JSC::PropertySlot::isCustom): + (JSC::PropertySlot::isCacheableValue): + (JSC::PropertySlot::isCacheableGetter): + (JSC::PropertySlot::isCacheableCustom): + (JSC::PropertySlot::attributes): + (JSC::PropertySlot::getterSetter): + - Add accessors necessary to convert PropertySlot to descriptor. + * runtime/RegExpConstructor.cpp: + * runtime/RegExpMatchesArray.cpp: + * runtime/RegExpMatchesArray.h: + * runtime/RegExpObject.cpp: + * runtime/RegExpPrototype.cpp: + * runtime/StringConstructor.cpp: + * runtime/StringObject.cpp: + - Implement getOwnPropertySlot in terms of GET_OWN_PROPERTY_DESCRIPTOR_IMPL. -2012-05-01 Oliver Hunt +2013-08-19 Michael Saboff - Physijs demo crashes due to DFG not updating topCallFrame correctly. - https://bugs.webkit.org/show_bug.cgi?id=85311 + https://bugs.webkit.org/show_bug.cgi?id=120015 DFG 32Bit: Crash loading "Classic" site @ translate.google.com - Reviewed by Filip Pizlo. + Reviewed by Sam Weinig. - A few of the dfg operations failed to correctly set the topCallFrame, - and so everything goes wrong. This patch corrects the effected operations, - and makes debug builds poison topCallFrame before calling a dfg operation. + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::fillSpeculateCell): Added checks for spillFormat being + DataFormatInteger or DataFormatDouble similar to what is in the 64 bit code and in + all versions of fillSpeculateBoolean(). - * dfg/DFGOperations.cpp: - (JSC::DFG::putByVal): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::prepareForExternalCall): - (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): - (JSC::DFG::SpeculativeJIT::appendCallSetResult): +2013-08-19 Michael Saboff -2012-04-30 Gavin Barraclough + https://bugs.webkit.org/show_bug.cgi?id=120020 Change Set 154207 causes wrong register to be used for 32 bit tests - Should be able to use YARR JIT without the JS language JIT - https://bugs.webkit.org/show_bug.cgi?id=85252 + Reviewed by Benjamin Poulain. - Reviewed by Geoff Garen. + Change branshTest32 to only use the byte for 8 bit test on the lower 4 registers. + Registers 4 through 7 as byte regisers are ah, ch, dh and bh instead of sp, bp, si and di. - Need to split canUseRegExpJIT out of canUseJIT. + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::branchTest32): - * runtime/JSGlobalData.cpp: - (JSC): - (JSC::useJIT): - (JSC::JSGlobalData::JSGlobalData): - - replace m_canUseJIT with m_canUseAssembler - * runtime/JSGlobalData.h: - (JSGlobalData): - (JSC::JSGlobalData::canUseRegExpJIT): - - Added canUseRegExpJIT, distinct from canUseJIT. - * runtime/RegExp.cpp: - (JSC::RegExp::compile): - (JSC::RegExp::compileMatchOnly): - - Call canUseRegExpJIT instead of canUseJIT. +2013-08-16 Oliver Hunt -2012-04-30 Gavin Barraclough + Crash during exception unwinding - Should be able to build YARR JIT without the JS language JIT - https://bugs.webkit.org/show_bug.cgi?id=85242 + Reviewed by Filip Pizlo. - Reviewed by Michael Saboff. + Add an "Unreachable" NodeType, and then rearrange op_throw and op_throw_reference_error + to plant Throw or ThrowReferenceError followed by a flush and then the Unreachable node. - Some build macros are wrong. + We need this so that Throw and ThrowReferenceError no longer need to be treated as + terminals and the subsequent flush keeps the activation (and other registers) live. - * assembler/RepatchBuffer.h: - * jit/ExecutableAllocator.h: - (JSC): - * jit/JITExceptions.cpp: - * runtime/InitializeThreading.cpp: - (JSC::initializeThreadingOnce): + * dfg/DFGAbstractInterpreterInlines.h: + (JSC::DFG::::executeEffects): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::parseBlock): + * dfg/DFGClobberize.h: + (JSC::DFG::clobberize): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + * dfg/DFGNode.h: + (JSC::DFG::Node::isTerminal): + * dfg/DFGNodeType.h: + * dfg/DFGPredictionPropagationPhase.cpp: + (JSC::DFG::PredictionPropagationPhase::propagate): + * dfg/DFGSafeToExecute.h: + (JSC::DFG::safeToExecute): + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): -2012-04-26 Gavin Barraclough +2013-08-19 Víctor Manuel Jáquez Leal - Arguments object resets attributes on redefinition of a parameter - https://bugs.webkit.org/show_bug.cgi?id=84994 + [GTK][ARM] javascriptcore compilation is broken - Rubber stamped by Oliver Hunt. + Reviewed by Oliver Hunt. - There is a bug that we always re-add the original property before - redefinition, doing so in a way that will reset the attributes - without checking configurability. + Guard the compilation of these files only if DFG_JIT is enabled. - * runtime/Arguments.cpp: - (JSC::Arguments::defineOwnProperty): - - Only instantiate the property once - do not re-add if - it has already been added, or if it has been deleted. + * dfg/DFGDesiredTransitions.cpp: + * dfg/DFGDesiredTransitions.h: + * dfg/DFGDesiredWeakReferences.cpp: + * dfg/DFGDesiredWeakReferences.h: + * dfg/DFGDesiredWriteBarriers.cpp: + * dfg/DFGDesiredWriteBarriers.h: -2012-04-30 Ryosuke Niwa +2013-08-17 Filip Pizlo - Remove an erroneous assertion after r115655. + REGRESSION(r154218): DFG::FixupPhase no longer turns GetById's child1 into CellUse + https://bugs.webkit.org/show_bug.cgi?id=119961 - * runtime/NumberPrototype.cpp: - (JSC::toUStringWithRadix): + Reviewed by Mark Hahnenberg. -2012-04-30 Myles Maxfield + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): - End of Interpreter::tryCacheGetByID can trigger the garbage collector - https://bugs.webkit.org/show_bug.cgi?id=84927 +2013-08-18 Gavin Barraclough - Reviewed by Oliver Hunt. + https://bugs.webkit.org/show_bug.cgi?id=119972 + Add attributes field to PropertySlot - * interpreter/Interpreter.cpp: - (JSC::Interpreter::tryCacheGetByID): + Reviewed by Geoff Garen. -2012-04-30 Benjamin Poulain + For all JSC types, this makes getOwnPropertyDescriptor redundant. + There will be a bit more hacking required in WebCore to remove GOPD whilst maintaining current behaviour. + (Current behaviour is in many ways broken, particularly in that GOPD & GOPS are inconsistent, but we should fix incrementally). - jsSingleCharacterString and jsSingleCharacterSubstring are not inlined - https://bugs.webkit.org/show_bug.cgi?id=85147 + No performance impact. - Reviewed by Darin Adler. + * runtime/PropertySlot.h: + (JSC::PropertySlot::setValue): + (JSC::PropertySlot::setCustom): + (JSC::PropertySlot::setCacheableCustom): + (JSC::PropertySlot::setCustomIndex): + (JSC::PropertySlot::setGetterSlot): + (JSC::PropertySlot::setCacheableGetterSlot): + - These mathods now all require 'attributes'. + * runtime/JSObject.h: + (JSC::JSObject::getDirect): + (JSC::JSObject::getDirectOffset): + (JSC::JSObject::inlineGetOwnPropertySlot): + - Added variants of getDirect, getDirectOffset that return the attributes. + * API/JSCallbackObjectFunctions.h: + (JSC::::getOwnPropertySlot): + * runtime/Arguments.cpp: + (JSC::Arguments::getOwnPropertySlotByIndex): + (JSC::Arguments::getOwnPropertySlot): + * runtime/JSActivation.cpp: + (JSC::JSActivation::symbolTableGet): + (JSC::JSActivation::getOwnPropertySlot): + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertySlot): + * runtime/JSArrayBuffer.cpp: + (JSC::JSArrayBuffer::getOwnPropertySlot): + * runtime/JSArrayBufferView.cpp: + (JSC::JSArrayBufferView::getOwnPropertySlot): + * runtime/JSDataView.cpp: + (JSC::JSDataView::getOwnPropertySlot): + * runtime/JSFunction.cpp: + (JSC::JSFunction::getOwnPropertySlot): + * runtime/JSGenericTypedArrayViewInlines.h: + (JSC::::getOwnPropertySlot): + (JSC::::getOwnPropertySlotByIndex): + * runtime/JSObject.cpp: + (JSC::JSObject::getOwnPropertySlotByIndex): + (JSC::JSObject::fillGetterPropertySlot): + * runtime/JSString.h: + (JSC::JSString::getStringPropertySlot): + * runtime/JSSymbolTableObject.h: + (JSC::symbolTableGet): + * runtime/Lookup.cpp: + (JSC::setUpStaticFunctionSlot): + * runtime/Lookup.h: + (JSC::getStaticPropertySlot): + (JSC::getStaticPropertyDescriptor): + (JSC::getStaticValueSlot): + (JSC::getStaticValueDescriptor): + * runtime/RegExpObject.cpp: + (JSC::RegExpObject::getOwnPropertySlot): + * runtime/SparseArrayValueMap.cpp: + (JSC::SparseArrayEntry::get): + - Pass attributes to PropertySlot::set* methods. - The functions jsSingleCharacterString() and jsSingleCharacterSubstring() were not inlined - by the compiler. This annihilate the gains of using SmallStrings. +2013-08-17 Mark Hahnenberg - On stringProtoFuncCharAt(), this patch improves the performance by 11%. + Concurrent JIT crashes in various fast/js/dfg-* tests while the main thread is setting innerHTML - * runtime/JSString.h: - (JSC::jsSingleCharacterString): - (JSC::jsSingleCharacterSubstring): + Reviewed by Filip Pizlo. -2012-04-30 Benjamin Poulain + Added a new mode for DesiredWriteBarrier that allows it to track a position in a + Vector of WriteBarriers rather than the specific address. The fact that we were + arbitrarily storing into a Vector's backing store for constants at the end of + compilation after the Vector could have resized was causing crashes. - Add fast patch for radix == 10 on numberProtoFuncToString - https://bugs.webkit.org/show_bug.cgi?id=85120 + * bytecode/CodeBlock.h: + (JSC::CodeBlock::constants): + (JSC::CodeBlock::addConstantLazily): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::addConstant): + * dfg/DFGDesiredWriteBarriers.cpp: + (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier): + (JSC::DFG::DesiredWriteBarrier::trigger): + (JSC::DFG::initializeLazyWriteBarrierForConstant): + * dfg/DFGDesiredWriteBarriers.h: + (JSC::DFG::DesiredWriteBarriers::add): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::truncateConstantToInt32): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::constantRegisterForConstant): - Reviewed by Darin Adler. +2013-08-16 Filip Pizlo - When radix, we use to turn the doubleValue into a JSValue just to convert - it to a String. The problem is that was using the slow path for conversion and - for the toString() operation. + DFG should optimize typedArray.byteLength + https://bugs.webkit.org/show_bug.cgi?id=119909 - This patch shortcuts the creation of a JSValue and uses NumericStrings directly. - The conversion is split between Integer and Double to ensure the fastest conversion - for the common case of integer arguments. + Reviewed by Oliver Hunt. + + This adds typedArray.byteLength inlining to the DFG, and does so without changing + the IR: byteLength is turned into GetArrayLength followed by BitLShift. This is + legal since the byteLength of a typed array cannot exceed + numeric_limits::max(). - Converting number with radix 10 becomes 5% faster. + * bytecode/SpeculatedType.cpp: + (JSC::typedArrayTypeFromSpeculation): + * bytecode/SpeculatedType.h: + * dfg/DFGArrayMode.cpp: + (JSC::DFG::toArrayType): + * dfg/DFGArrayMode.h: + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): + (JSC::DFG::FixupPhase::attemptToMakeGetArrayLength): + (JSC::DFG::FixupPhase::attemptToMakeGetByteLength): + (JSC::DFG::FixupPhase::convertToGetArrayLength): + (JSC::DFG::FixupPhase::prependGetArrayLength): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::constantRegisterForConstant): + (JSC::DFG::Graph::convertToConstant): + * runtime/TypedArrayType.h: + (JSC::logElementSize): + (JSC::elementSize): - Due to the simpler conversion of number to string for integer, converting - integers that do not fall in the two previous optimizations get 32% faster. +2013-08-16 Filip Pizlo - * runtime/NumberPrototype.cpp: - (JSC::extractRadixFromArgs): - (JSC::integerValueToString): - (JSC::numberProtoFuncToString): + DFG optimizes out strict mode arguments tear off + https://bugs.webkit.org/show_bug.cgi?id=119504 -2012-04-30 Carlos Garcia Campos + Reviewed by Mark Hahnenberg and Oliver Hunt. + + Don't do the optimization for strict mode. - Unreviewed. Fix make distcheck. + * dfg/DFGArgumentsSimplificationPhase.cpp: + (JSC::DFG::ArgumentsSimplificationPhase::run): + (JSC::DFG::ArgumentsSimplificationPhase::pruneObviousArgumentCreations): - * GNUmakefile.list.am: Add missing header. +2013-08-16 Benjamin Poulain -2012-04-28 Geoffrey Garen + [JSC] x86: improve code generation for xxxTest32 + https://bugs.webkit.org/show_bug.cgi?id=119876 - Factored threaded block allocation into a separate object - https://bugs.webkit.org/show_bug.cgi?id=85148 + Reviewed by Geoffrey Garen. - Reviewed by Sam Weinig. + Try to use testb whenever possible when testing for an immediate value. - 99% of this patch just moves duplicated block allocation and - deallocation code into a new object named BlockAllocator, with these - exceptions: + When the input is an address and an offset, we can tweak the mask + and offset to be able to generate testb for any byte of the mask. - * heap/BlockAllocator.h: Added. - (BlockAllocator::BlockAllocator): The order of declarations here now - guards us against an unlikely race condition during startup. + When the input is a register, we can use testb if we are only interested + in testing the low bits. - * heap/BlockAllocator.cpp: - JSC::BlockAllocator::blockFreeingThreadMain): Added a FIXME to - highlight a lack of clarity we have in our block deallocation routines. + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86Common::branchTest32): + (JSC::MacroAssemblerX86Common::test32): + (JSC::MacroAssemblerX86Common::generateTest32): -2012-04-28 Sam Weinig +2013-08-16 Mark Lam - Try to fix the Qt build. + Baseline JIT gives erroneous + error message that an object is not a constructor though it expects a function - * heap/Heap.cpp: - (JSC::Heap::lastChanceToFinalize): + Reviewed by Michael Saboff. -2012-04-28 Geoffrey Garen + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): - Try to fix the Windows build. +2013-08-16 Filip Pizlo - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: + Object properties added using dot syntax (o.f = ...) from code that isn't in eval should be less likely to cause an object to become a dictionary + https://bugs.webkit.org/show_bug.cgi?id=119897 -2012-04-28 Geoffrey Garen + Reviewed by Oliver Hunt. + + 6-10x speed-up on microbenchmarks that create large static objects. 40-65% speed-up + on Octane/gbemu. 3% overall speed-up on Octane. No slow-downs anywhere; our ability + to turn objects into dictionaries when you're storing using bracket syntax or using + eval is still in place. - Clarified JSGlobalData (JavaScript VM) lifetime - https://bugs.webkit.org/show_bug.cgi?id=85142 + * bytecode/CodeBlock.h: + (JSC::CodeBlock::putByIdContext): + * dfg/DFGOperations.cpp: + * jit/JITStubs.cpp: + (JSC::DEFINE_STUB_FUNCTION): + * llint/LLIntSlowPaths.cpp: + (JSC::LLInt::LLINT_SLOW_PATH_DECL): + * runtime/JSObject.h: + (JSC::JSObject::putDirectInternal): + * runtime/PutPropertySlot.h: + (JSC::PutPropertySlot::PutPropertySlot): + (JSC::PutPropertySlot::context): + * runtime/Structure.cpp: + (JSC::Structure::addPropertyTransition): + * runtime/Structure.h: - Reviewed by Anders Carlsson. +2013-08-16 Balazs Kilvady - This was so confusing that I didn't feel like I could reason about - memory lifetime in the heap without fixing it. + REGRESSION(FTL): Fix register usage in mips implementation of ctiVMHandleException - The rules are: + Reviewed by Allan Sandfeld Jensen. - (1) JSGlobalData owns the virtual machine and all memory in it. + ctiVMHandleException must jump/return using register ra (r31). - (2) Deleting a JSGlobalData frees the virtual machine and all memory - in it. + * jit/JITStubsMIPS.h: - (Caveat emptor: if you delete the virtual machine while you're running - JIT code or accessing GC objects, you're gonna have a bad time.) +2013-08-16 Julien Brianceau - (I opted not to make arbitrary sub-objects keep the virtual machine - alive automatically because: + Fix sh4 build after r154156. - (a) doing that right would be complex and slow; + Reviewed by Allan Sandfeld Jensen. - (b) in the case of an exiting thread or process, there's no - clear way to give the garbage collector a chance to try again - later; + Fix typo in JITStubsSH4.h file. - (c) continuing to run the garbage collector after we've been - asked to shut down the virtual machine seems rude; + * jit/JITStubsSH4.h: - (d) we've never really supported that feature, anyway.) +2013-08-15 Mark Hahnenberg - (3) Normal ref-counting will do. No need to call a battery of - specialty functions to tear down a JSGlobalData. Its foibles - notwithstanding, C++ does in fact know how to execute destructors in - order. + Concurrent compilation thread should not trigger WriteBarriers - * API/JSContextRef.cpp: - (JSGlobalContextCreate): Removed compatibility shim for older - operating systems because it's no longer used. + Reviewed by Oliver Hunt. - (JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do - the right thing", this code is much simpler. We still have one special - case to notify the garbage collector if we're removing the last - reference to the global object, since this can improve memory behavior. + The concurrent compilation thread should interact minimally with the Heap, including not + triggering WriteBarriers. This is a prerequisite for generational GC. - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::freeAllBlocks): - * heap/CopiedSpace.h: - (CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true - destruction-time behaviors should be limited to our C++ destructor. + * JavaScriptCore.xcodeproj/project.pbxproj: + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::addOrFindConstant): + (JSC::CodeBlock::findConstant): + * bytecode/CodeBlock.h: + (JSC::CodeBlock::addConstantLazily): + * dfg/DFGByteCodeParser.cpp: + (JSC::DFG::ByteCodeParser::getJSConstantForValue): + (JSC::DFG::ByteCodeParser::constantUndefined): + (JSC::DFG::ByteCodeParser::constantNull): + (JSC::DFG::ByteCodeParser::one): + (JSC::DFG::ByteCodeParser::constantNaN): + (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): + * dfg/DFGCommonData.cpp: + (JSC::DFG::CommonData::notifyCompilingStructureTransition): + * dfg/DFGCommonData.h: + * dfg/DFGDesiredTransitions.cpp: Added. + (JSC::DFG::DesiredTransition::DesiredTransition): + (JSC::DFG::DesiredTransition::reallyAdd): + (JSC::DFG::DesiredTransitions::DesiredTransitions): + (JSC::DFG::DesiredTransitions::~DesiredTransitions): + (JSC::DFG::DesiredTransitions::addLazily): + (JSC::DFG::DesiredTransitions::reallyAdd): + * dfg/DFGDesiredTransitions.h: Added. + * dfg/DFGDesiredWeakReferences.cpp: Added. + (JSC::DFG::DesiredWeakReferences::DesiredWeakReferences): + (JSC::DFG::DesiredWeakReferences::~DesiredWeakReferences): + (JSC::DFG::DesiredWeakReferences::addLazily): + (JSC::DFG::DesiredWeakReferences::reallyAdd): + * dfg/DFGDesiredWeakReferences.h: Added. + * dfg/DFGDesiredWriteBarriers.cpp: Added. + (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier): + (JSC::DFG::DesiredWriteBarrier::trigger): + (JSC::DFG::DesiredWriteBarriers::DesiredWriteBarriers): + (JSC::DFG::DesiredWriteBarriers::~DesiredWriteBarriers): + (JSC::DFG::DesiredWriteBarriers::addImpl): + (JSC::DFG::DesiredWriteBarriers::trigger): + * dfg/DFGDesiredWriteBarriers.h: Added. + (JSC::DFG::DesiredWriteBarriers::add): + (JSC::DFG::initializeLazyWriteBarrier): + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::truncateConstantToInt32): + * dfg/DFGGraph.h: + (JSC::DFG::Graph::convertToConstant): + * dfg/DFGJITCompiler.h: + (JSC::DFG::JITCompiler::addWeakReference): + * dfg/DFGPlan.cpp: + (JSC::DFG::Plan::Plan): + (JSC::DFG::Plan::reallyAdd): + * dfg/DFGPlan.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * runtime/WriteBarrier.h: + (JSC::WriteBarrierBase::set): + (JSC::WriteBarrier::WriteBarrier): - * heap/Heap.cpp: - (JSC::Heap::~Heap): - (JSC): - (JSC::Heap::lastChanceToFinalize): - * heap/Heap.h: - (Heap): - (JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because - true destruction-time behaviors should be limited to our C++ - destructor. +2013-08-15 Benjamin Poulain - Reorganized the code, putting code that must run before any objects - get torn down into lastChanceToFinalize, and code that just tears down - objects into our destructor. + Fix x86 32bits build after r154158 - * heap/Local.h: - (JSC::LocalStack::LocalStack): - (JSC::LocalStack::push): - (LocalStack): See rule (2). + * assembler/X86Assembler.h: Add missing #ifdef for the x86_64 instructions. - * jsc.cpp: - (functionQuit): - (main): - (printUsageStatement): - (parseArguments): - (jscmain): - * testRegExp.cpp: - (main): - (printUsageStatement): - (parseArguments): - (realMain): See rule (3). +2013-08-15 Ryosuke Niwa - I removed the feature of ensuring orderly tear-down when calling quit() - or running in --help mode because it didn't seem very useful and - making it work with Windows structured exception handling and - NO_RETURN didn't seem like a fun way to spend a Saturday. + Build fix attempt after r154156. - * runtime/JSGlobalData.h: - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data - member in JSGlobalData to ensure that it's destructed last, so other - objects that reference it destruct without crashing. This allowed me - to remove clearBuiltinStructures() altogether, and helped guarantee - rule (3). + * jit/JITStubs.cpp: + (JSC::cti_vm_handle_exception): encode! - (JSC::JSGlobalData::~JSGlobalData): Explicitly call - lastChanceToFinalize() at the head of our destructor to ensure that - all pending finalizers run while the virtual machine is still in a - valid state. Trying to resurrect (re-ref) the virtual machine at this - point is not valid, but all other operations are. +2013-08-15 Benjamin Poulain - Changed a null to a 0xbbadbeef to clarify just how bad this beef is. + [JSC] x86: Use inc and dec when possible + https://bugs.webkit.org/show_bug.cgi?id=119831 - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::init): - * runtime/JSGlobalObject.h: - (JSGlobalObject): - (JSC::JSGlobalObject::globalData): See rule (3). + Reviewed by Geoffrey Garen. -2012-04-27 Geoffrey Garen + When incrementing or decrementing by an immediate of 1, use the insctructions + inc and dec instead of add and sub. + The instructions have good timing and their encoding is smaller. - Try to fix the Windows build. + * assembler/MacroAssemblerX86Common.h: + (JSC::MacroAssemblerX86_64::add32): + (JSC::MacroAssemblerX86_64::sub32): + * assembler/MacroAssemblerX86_64.h: + (JSC::MacroAssemblerX86_64::add64): + (JSC::MacroAssemblerX86_64::sub64): + * assembler/X86Assembler.h: + (JSC::X86Assembler::dec_r): + (JSC::X86Assembler::decq_r): + (JSC::X86Assembler::inc_r): + (JSC::X86Assembler::incq_r): - * heap/WeakBlock.h: - (WeakBlock): +2013-08-15 Filip Pizlo -2012-04-27 Geoffrey Garen + Sometimes, the DFG uses a GetById for typed array length accesses despite profiling data that indicates that it's a typed array length access + https://bugs.webkit.org/show_bug.cgi?id=119874 - Made WeakSet::allocate() static and removed its JSGlobalData argument - https://bugs.webkit.org/show_bug.cgi?id=85128 + Reviewed by Oliver Hunt and Mark Hahnenberg. + + It was a confusion between heuristics in DFG::ArrayMode that are assuming that + you'll use ForceExit if array profiles are empty, the JIT creating empty profiles + sometimes for typed array length accesses, and the FixupPhase assuming that a + ForceExit ArrayMode means that it should continue using a generic GetById. - Reviewed by Anders Carlsson. + This fixes the confusion. - This is a step toward faster finalization. + * dfg/DFGFixupPhase.cpp: + (JSC::DFG::FixupPhase::fixupNode): - WeakSet::allocate() now deduces which WeakSet to allocate from based on - its JSCell* argument. (Currently, there's only one WeakSet, but soon - there will be many.) +2013-08-15 Mark Lam - This was a global replace of "globalData.heap.weakSet()->allocate" with - "WeakSet::allocate", plus by-hand removal of the JSGlobalData argument. + Fix crash when performing activation tearoff. + https://bugs.webkit.org/show_bug.cgi?id=119848 - * heap/WeakSetInlines.h: Copied from Source/JavaScriptCore/heap/WeakSet.h. - - I had to split out WeakSet::allocate() in to a separate header to avoid - a cycle. - - (JSC::WeakSet::allocate): We can mask the pointer we're passed to - figure out where to allocate our WeakImpl. (Soon, we'll use this to - associate the WeakImpl with the GC block it references.) - -2012-04-27 Geoffrey Garen - - Stop using aligned allocation for WeakBlock - https://bugs.webkit.org/show_bug.cgi?id=85124 - - Reviewed by Anders Carlsson. - - We don't actually use the alignment for anything. - - * heap/WeakBlock.cpp: - (JSC::WeakBlock::create): - (JSC::WeakBlock::WeakBlock): Switched from aligned allocation to regular - allocation. + Reviewed by Oliver Hunt. - * heap/WeakBlock.h: - (WeakBlock): Don't use HeapBlock because HeapBlock requires aligned - allocation. This change required me to add some declarations that we used - to inherit from HeapBlock. + The activation tearoff crash was due to a bug in the baseline JIT. + If we have a scenario where the a baseline JIT frame calls a LLINT + frame, an exception may be thrown while in the LLINT. - (WeakBlock::blockFor): Removed. This function relied on aligned allocation - but didn't do anything for us. + Interpreter::throwException() which handles the exception will unwind + all frames until it finds a catcher or sees a host frame. When we + return from the LLINT to the baseline JIT code, the baseline JIT code + errorneously sets topCallFrame to the value in its call frame register, + and starts unwinding the stack frames that have already been unwound. - (WeakBlock::deallocate): Removed. WeakBlock doesn't own any of the deallocation - logic, so it shouldn't own the function. + The fix is: + 1. Rename ctiVMThrowTrampolineSlowpath to ctiVMHandleException. + This is a more accurate description of what this runtime function + is supposed to do i.e. it handles the exception which include doing + nothing (if there are no more frames to unwind). + 2. Fix up topCallFrame values so that the HostCallFrameFlag is never + set on it. + 3. Reloading the call frame register from topCallFrame when we're + returning from a callee and detect exception handling in progress. - * heap/WeakSet.cpp: - (JSC::WeakSet::~WeakSet): - (JSC::WeakSet::finalizeAll): - (JSC::WeakSet::visitLiveWeakImpls): - (JSC::WeakSet::visitDeadWeakImpls): - (JSC::WeakSet::sweep): - (JSC::WeakSet::shrink): - (JSC::WeakSet::resetAllocator): - (JSC::WeakSet::tryFindAllocator): - * heap/WeakSet.h: - (WeakSet): Updated declarations to reflect WeakBlock not inheriting from - HeapBlock. This allowed me to remove some casts, which was nice. + * interpreter/Interpreter.cpp: + (JSC::Interpreter::unwindCallFrame): + - Ensure that topCallFrame is not set with the HostCallFrameFlag. + (JSC::Interpreter::getStackTrace): + * interpreter/Interpreter.h: + (JSC::TopCallFrameSetter::TopCallFrameSetter): + (JSC::TopCallFrameSetter::~TopCallFrameSetter): + (JSC::NativeCallFrameTracer::NativeCallFrameTracer): + - Ensure that topCallFrame is not set with the HostCallFrameFlag. + * jit/JIT.h: + * jit/JITExceptions.cpp: + (JSC::uncaughtExceptionHandler): + - Convenience function to get the handler for uncaught exceptions. + * jit/JITExceptions.h: + * jit/JITInlines.h: + (JSC::JIT::reloadCallFrameFromTopCallFrame): + * jit/JITOpcodes32_64.cpp: + (JSC::JIT::privateCompileCTINativeCall): + - Rename ctiVMThrowTrampolineSlowpath to ctiVMHandleException. + * jit/JITStubs.cpp: + (JSC::throwExceptionFromOpCall): + - Ensure that topCallFrame is not set with the HostCallFrameFlag. + (JSC::cti_vm_handle_exception): + - Check for the case when there are no more frames to unwind. + * jit/JITStubs.h: + * jit/JITStubsARM.h: + * jit/JITStubsARMv7.h: + * jit/JITStubsMIPS.h: + * jit/JITStubsSH4.h: + * jit/JITStubsX86.h: + * jit/JITStubsX86_64.h: + - Rename ctiVMThrowTrampolineSlowpath to ctiVMHandleException. + * jit/SlowPathCall.h: + (JSC::JITSlowPathCall::call): + - reload cfr from topcallFrame when handling an exception. + - Rename ctiVMThrowTrampolineSlowpath to ctiVMHandleException. + * jit/ThunkGenerators.cpp: + (JSC::nativeForGenerator): + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + - reload cfr from topcallFrame when handling an exception. + * runtime/VM.cpp: + (JSC::VM::VM): + - Ensure that topCallFrame is not set with the HostCallFrameFlag. - (JSC::WeakSet::deallocate): Directly set the deallocated flag instead of - asking WeakBlock to do it for us. We don't need to have a WeakBlock - pointer to set the flag, so stop asking for one. +2013-08-15 Filip Pizlo -2012-04-27 Kentaro Hara + Remove some code duplication. + + Rubber stamped by Mark Hahnenberg. - [JSC] Implement a helper method createNotEnoughArgumentsError() - https://bugs.webkit.org/show_bug.cgi?id=85102 + * runtime/JSDataViewPrototype.cpp: + (JSC::getData): + (JSC::setData): - Reviewed by Geoffrey Garen. +2013-08-15 Julien Brianceau - In bug 84787, kbr@ requested to avoid hard-coding - createTypeError(exec, "Not enough arguments") here and there. - This patch implements createNotEnoughArgumentsError(exec) - and uses it in JSC bindings. + [DFG] isDouble() and isNumerical() should return true with KnownNumberUse UseKind. + https://bugs.webkit.org/show_bug.cgi?id=119794 - c.f. a corresponding bug for V8 bindings is bug 85097. + Reviewed by Filip Pizlo. - * runtime/Error.cpp: - (JSC::createNotEnoughArgumentsError): - (JSC): - * runtime/Error.h: - (JSC): + This patch fixes ASSERTs failures in debug builds for sh4 and mips architecture. -2012-04-27 Geoffrey Garen + * dfg/DFGUseKind.h: + (JSC::DFG::isNumerical): + (JSC::DFG::isDouble): - Only allow non-null pointers in the WeakSet - https://bugs.webkit.org/show_bug.cgi?id=85119 +2013-08-15 Filip Pizlo - Reviewed by Darin Adler. + http://trac.webkit.org/changeset/154120 accidentally changed DFGCapabilities to read the resolve type from operand 4, not 3; it should be 3. - This is a step toward more efficient finalization. + Rubber stamped by Oliver Hunt. + + This was causing some test crashes for me. - No clients put non-pointers (JSValues) into Weak and PassWeak. + * dfg/DFGCapabilities.cpp: + (JSC::DFG::capabilityLevel): - Some clients put null pointers into Weak and PassWeak, but this is - more efficient and straight-forward to model with a null in the Weak - or PassWeak instead of allocating a WeakImpl just to hold null. +2013-08-15 Brent Fulgham - * heap/PassWeak.h: - (JSC): Removed the Unknown (JSValue) type of weak pointer because it's - unused now. + [Windows] Clear up improper export declaration. - (PassWeak): Don't provide a default initializer for our JSCell* argument. - This feature was only used in one place, and it was a bug. + * runtime/ArrayBufferView.h: - (JSC::::get): Don't check for a null stored inside our WeakImpl: that's - not allowed anymore. +2013-08-15 Filip Pizlo - (JSC::PassWeak::PassWeak): Handle null as a null WeakImpl instead of - allocating a WeakImpl and storing null into it. + Unreviewed, remove some unnecessary periods from exceptions. - * heap/Weak.h: - (Weak): - (JSC::::Weak): Same changes as in PassWeak. + * runtime/JSDataViewPrototype.cpp: + (JSC::getData): + (JSC::setData): - * heap/WeakBlock.cpp: - (JSC::WeakBlock::visitLiveWeakImpls): - (JSC::WeakBlock::visitDeadWeakImpls): Only non-null cells are valid in - the WeakSet now, so no need to check for non-cells and null cell pointers. +2013-08-15 Filip Pizlo - * heap/WeakImpl.h: - (JSC::WeakImpl::WeakImpl): Only non-null cells are valid in the WeakSet - now, so ASSERT that. + Unreviewed, fix 32-bit build. -2012-04-27 Gavin Barraclough + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): - Math in JavaScript is inaccurate on iOS +2013-08-14 Filip Pizlo - By defalut IEEE754 denormal support is disabled on iOS; - turn it on. + Typed arrays should be rewritten + https://bugs.webkit.org/show_bug.cgi?id=119064 - Reviewed by Filip Pizlo. + Reviewed by Oliver Hunt. + + Typed arrays were previously deficient in several major ways: + + - They were defined separately in WebCore and in the jsc shell. The two + implementations were different, and the jsc shell one was basically wrong. + The WebCore one was quite awful, also. + + - Typed arrays were not visible to the JIT except through some weird hooks. + For example, the JIT could not ask "what is the Structure that this typed + array would have if I just allocated it from this global object". Also, + it was difficult to wire any of the typed array intrinsics, because most + of the functionality wasn't visible anywhere in JSC. + + - Typed array allocation was brain-dead. Allocating a typed array involved + two JS objects, two GC weak handles, and three malloc allocations. + + - Neutering. It involved keeping tabs on all native views but not the view + wrappers, even though the native views can autoneuter just by asking the + buffer if it was neutered anytime you touch them; while the JS view + wrappers are the ones that you really want to reach out to. + + - Common case-ing. Most typed arrays have one buffer and one view, and + usually nobody touches the buffer. Yet we created all of that stuff + anyway, using data structures optimized for the case where you had a lot + of views. + + - Semantic goofs. Typed arrays should, in the future, behave like ES + features rather than DOM features, for example when it comes to exceptions. + Firefox already does this and I agree with them. + + This patch cleanses our codebase of these sins: + + - Typed arrays are almost entirely defined in JSC. Only the lifecycle + management of native references to buffers is left to WebCore. + + - Allocating a typed array requires either two GC allocations (a cell and a + copied storage vector) or one GC allocation, a malloc allocation, and a + weak handle (a cell and a malloc'd storage vector, plus a finalizer for the + latter). The latter is only used for oversize arrays. Remember that before + it was 7 allocations no matter what. + + - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, + mode/length, void* vector. Before it was a lot more than that - remember, + there were five additional objects that did absolutely nothing for anybody. + + - Native views aren't tracked by the buffer, or by the wrappers. They are + transient. In the future we'll probably switch to not even having them be + malloc'd. + + - Native array buffers have an efficient way of tracking all of their JS view + wrappers, both for neutering, and for lifecycle management. The GC + special-cases native array buffers. This saves a bunch of grief; for example + it means that a JS view wrapper can refer to its buffer via the butterfly, + which would be dead by the time we went to finalize. + + - Typed array semantics now match Firefox, which also happens to be where the + standards are going. The discussion on webkit-dev seemed to confirm that + Chrome is also heading in this direction. This includes making + Uint8ClampedArray not a subtype of Uint8Array, and getting rid of + ArrayBufferView as a JS-visible construct. + + This is up to a 10x speed-up on programs that allocate a lot of typed arrays. + It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for + further typed array optimizations in the JSC JITs, including inlining typed + array allocation, inlining more of the accessors, reducing the cost of type + checks, etc. + + An additional property of this patch is that typed arrays are mostly + implemented using templates. This deduplicates a bunch of code, but does mean + that we need some hacks for exporting s_info's of template classes. See + JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly + low-impact compared to code duplication. + + Automake work courtesy of Zan Dobersek . + * CMakeLists.txt: + * DerivedSources.make: + * GNUmakefile.list.am: + * JSCTypedArrayStubs.h: Removed. + * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: + * JavaScriptCore.xcodeproj/project.pbxproj: + * Target.pri: + * bytecode/ByValInfo.h: + (JSC::hasOptimizableIndexingForClassInfo): + (JSC::jitArrayModeForClassInfo): + (JSC::typedArrayTypeForJITArrayMode): + * bytecode/SpeculatedType.cpp: + (JSC::speculationFromClassInfo): + * dfg/DFGArrayMode.cpp: + (JSC::DFG::toTypedArrayType): + * dfg/DFGArrayMode.h: + (JSC::DFG::ArrayMode::typedArrayType): + * dfg/DFGSpeculativeJIT.cpp: + (JSC::DFG::SpeculativeJIT::checkArray): + (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): + (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): + (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): + (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): + (JSC::DFG::SpeculativeJIT::compileGetArrayLength): + * dfg/DFGSpeculativeJIT.h: + * dfg/DFGSpeculativeJIT32_64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * dfg/DFGSpeculativeJIT64.cpp: + (JSC::DFG::SpeculativeJIT::compile): + * heap/CopyToken.h: + * heap/DeferGC.h: + (JSC::DeferGCForAWhile::DeferGCForAWhile): + (JSC::DeferGCForAWhile::~DeferGCForAWhile): + * heap/GCIncomingRefCounted.h: Added. + (JSC::GCIncomingRefCounted::GCIncomingRefCounted): + (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): + (JSC::GCIncomingRefCounted::numberOfIncomingReferences): + (JSC::GCIncomingRefCounted::incomingReferenceAt): + (JSC::GCIncomingRefCounted::singletonFlag): + (JSC::GCIncomingRefCounted::hasVectorOfCells): + (JSC::GCIncomingRefCounted::hasAnyIncoming): + (JSC::GCIncomingRefCounted::hasSingleton): + (JSC::GCIncomingRefCounted::singleton): + (JSC::GCIncomingRefCounted::vectorOfCells): + * heap/GCIncomingRefCountedInlines.h: Added. + (JSC::::addIncomingReference): + (JSC::::filterIncomingReferences): + * heap/GCIncomingRefCountedSet.h: Added. + (JSC::GCIncomingRefCountedSet::size): + * heap/GCIncomingRefCountedSetInlines.h: Added. + (JSC::::GCIncomingRefCountedSet): + (JSC::::~GCIncomingRefCountedSet): + (JSC::::addReference): + (JSC::::sweep): + (JSC::::removeAll): + (JSC::::removeDead): + * heap/Heap.cpp: + (JSC::Heap::addReference): + (JSC::Heap::extraSize): + (JSC::Heap::size): + (JSC::Heap::capacity): + (JSC::Heap::collect): + (JSC::Heap::decrementDeferralDepth): + (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): + * heap/Heap.h: + * interpreter/CallFrame.h: + (JSC::ExecState::dataViewTable): + * jit/JIT.h: + * jit/JITPropertyAccess.cpp: + (JSC::JIT::privateCompileGetByVal): + (JSC::JIT::privateCompilePutByVal): + (JSC::JIT::emitIntTypedArrayGetByVal): + (JSC::JIT::emitFloatTypedArrayGetByVal): + (JSC::JIT::emitIntTypedArrayPutByVal): + (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: - (main): - - clear the appropriate bit in the fpscr. - -2012-04-27 Michael Saboff - - Memory wasted in JSString for non-rope strings - https://bugs.webkit.org/show_bug.cgi?id=84907 - - Reviewed by Geoffrey Garen. - - Split JSString into two classes, JSString as a base class that does not - include the fibers of a Rope, and a subclass JSRopeString that has the - rope functionality. Both classes "share" the same ClassInfo. Added - a bool to JSString to indicate that the string was allocated as a JSRopeString - to properly handle visiting the fiber children when the rope is resolved and - the JSRopeString appears as a JSString. Didn't change the interface of JSString - to require any JIT changes. - - As part of this change, removed "cellSize" from ClassInfo since both classes - share the same ClassInfo, but have different sizes. The only use I could find - for cellSize was an ASSERT in allocateCell(). - - This appears to be neutral on performance tests. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Changed JSString::resolveRope - to JSRopeString::resolveRope + (GlobalObject::finishCreation): + * runtime/ArrayBuffer.cpp: + (JSC::ArrayBuffer::transfer): + * runtime/ArrayBuffer.h: + (JSC::ArrayBuffer::createAdopted): + (JSC::ArrayBuffer::ArrayBuffer): + (JSC::ArrayBuffer::gcSizeEstimateInBytes): + (JSC::ArrayBuffer::pin): + (JSC::ArrayBuffer::unpin): + (JSC::ArrayBufferContents::tryAllocate): + * runtime/ArrayBufferView.cpp: + (JSC::ArrayBufferView::ArrayBufferView): + (JSC::ArrayBufferView::~ArrayBufferView): + (JSC::ArrayBufferView::setNeuterable): + * runtime/ArrayBufferView.h: + (JSC::ArrayBufferView::isNeutered): + (JSC::ArrayBufferView::buffer): + (JSC::ArrayBufferView::baseAddress): + (JSC::ArrayBufferView::byteOffset): + (JSC::ArrayBufferView::verifySubRange): + (JSC::ArrayBufferView::clampOffsetAndNumElements): + (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: - (JSC): - (ClassInfo): + * runtime/CommonIdentifiers.h: + * runtime/DataView.cpp: Added. + (JSC::DataView::DataView): + (JSC::DataView::create): + (JSC::DataView::wrap): + * runtime/DataView.h: Added. + (JSC::DataView::byteLength): + (JSC::DataView::getType): + (JSC::DataView::get): + (JSC::DataView::set): + * runtime/Float32Array.h: + * runtime/Float64Array.h: + * runtime/GenericTypedArrayView.h: Added. + (JSC::GenericTypedArrayView::data): + (JSC::GenericTypedArrayView::set): + (JSC::GenericTypedArrayView::setRange): + (JSC::GenericTypedArrayView::zeroRange): + (JSC::GenericTypedArrayView::zeroFill): + (JSC::GenericTypedArrayView::length): + (JSC::GenericTypedArrayView::byteLength): + (JSC::GenericTypedArrayView::item): + (JSC::GenericTypedArrayView::checkInboundData): + (JSC::GenericTypedArrayView::getType): + * runtime/GenericTypedArrayViewInlines.h: Added. + (JSC::::GenericTypedArrayView): + (JSC::::create): + (JSC::::createUninitialized): + (JSC::::subarray): + (JSC::::wrap): + * runtime/IndexingHeader.h: + (JSC::IndexingHeader::arrayBuffer): + (JSC::IndexingHeader::setArrayBuffer): + * runtime/Int16Array.h: + * runtime/Int32Array.h: + * runtime/Int8Array.h: + * runtime/JSArrayBuffer.cpp: Added. + (JSC::JSArrayBuffer::JSArrayBuffer): + (JSC::JSArrayBuffer::finishCreation): + (JSC::JSArrayBuffer::create): + (JSC::JSArrayBuffer::createStructure): + (JSC::JSArrayBuffer::getOwnPropertySlot): + (JSC::JSArrayBuffer::getOwnPropertyDescriptor): + (JSC::JSArrayBuffer::put): + (JSC::JSArrayBuffer::defineOwnProperty): + (JSC::JSArrayBuffer::deleteProperty): + (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): + * runtime/JSArrayBuffer.h: Added. + (JSC::JSArrayBuffer::impl): + (JSC::toArrayBuffer): + * runtime/JSArrayBufferConstructor.cpp: Added. + (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): + (JSC::JSArrayBufferConstructor::finishCreation): + (JSC::JSArrayBufferConstructor::create): + (JSC::JSArrayBufferConstructor::createStructure): + (JSC::constructArrayBuffer): + (JSC::JSArrayBufferConstructor::getConstructData): + (JSC::JSArrayBufferConstructor::getCallData): + * runtime/JSArrayBufferConstructor.h: Added. + * runtime/JSArrayBufferPrototype.cpp: Added. + (JSC::arrayBufferProtoFuncSlice): + (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): + (JSC::JSArrayBufferPrototype::finishCreation): + (JSC::JSArrayBufferPrototype::create): + (JSC::JSArrayBufferPrototype::createStructure): + * runtime/JSArrayBufferPrototype.h: Added. + * runtime/JSArrayBufferView.cpp: Added. + (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): + (JSC::JSArrayBufferView::JSArrayBufferView): + (JSC::JSArrayBufferView::finishCreation): + (JSC::JSArrayBufferView::getOwnPropertySlot): + (JSC::JSArrayBufferView::getOwnPropertyDescriptor): + (JSC::JSArrayBufferView::put): + (JSC::JSArrayBufferView::defineOwnProperty): + (JSC::JSArrayBufferView::deleteProperty): + (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): + (JSC::JSArrayBufferView::finalize): + * runtime/JSArrayBufferView.h: Added. + (JSC::JSArrayBufferView::sizeOf): + (JSC::JSArrayBufferView::ConstructionContext::operator!): + (JSC::JSArrayBufferView::ConstructionContext::structure): + (JSC::JSArrayBufferView::ConstructionContext::vector): + (JSC::JSArrayBufferView::ConstructionContext::length): + (JSC::JSArrayBufferView::ConstructionContext::mode): + (JSC::JSArrayBufferView::ConstructionContext::butterfly): + (JSC::JSArrayBufferView::mode): + (JSC::JSArrayBufferView::vector): + (JSC::JSArrayBufferView::length): + (JSC::JSArrayBufferView::offsetOfVector): + (JSC::JSArrayBufferView::offsetOfLength): + (JSC::JSArrayBufferView::offsetOfMode): + * runtime/JSArrayBufferViewInlines.h: Added. + (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): + (JSC::JSArrayBufferView::buffer): + (JSC::JSArrayBufferView::impl): + (JSC::JSArrayBufferView::neuter): + (JSC::JSArrayBufferView::byteOffset): + * runtime/JSCell.cpp: + (JSC::JSCell::slowDownAndWasteMemory): + (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: - (JSC::allocateCell): - * runtime/JSString.cpp: - (JSC::JSRopeString::RopeBuilder::expand): - (JSC::JSString::visitChildren): - (JSC): - (JSC::JSRopeString::visitFibers): - (JSC::JSRopeString::resolveRope): - (JSC::JSRopeString::resolveRopeSlowCase8): - (JSC::JSRopeString::resolveRopeSlowCase): - (JSC::JSRopeString::outOfMemory): - (JSC::JSRopeString::getIndexSlowCase): - * runtime/JSString.h: - (JSC): - (JSString): - (JSC::JSString::finishCreation): - (JSC::JSString::create): - (JSC::JSString::isRope): - (JSC::JSString::is8Bit): - (JSRopeString): - (RopeBuilder): - (JSC::JSRopeString::RopeBuilder::RopeBuilder): - (JSC::JSRopeString::RopeBuilder::append): - (JSC::JSRopeString::RopeBuilder::release): - (JSC::JSRopeString::RopeBuilder::length): - (JSC::JSRopeString::JSRopeString): - (JSC::JSRopeString::finishCreation): - (JSC::JSRopeString::createNull): - (JSC::JSRopeString::create): - (JSC::JSString::value): - (JSC::JSString::tryGetValue): - (JSC::JSString::getIndex): - (JSC::jsStringBuilder): + * runtime/JSDataView.cpp: Added. + (JSC::JSDataView::JSDataView): + (JSC::JSDataView::create): + (JSC::JSDataView::createUninitialized): + (JSC::JSDataView::set): + (JSC::JSDataView::typedImpl): + (JSC::JSDataView::getOwnPropertySlot): + (JSC::JSDataView::getOwnPropertyDescriptor): + (JSC::JSDataView::slowDownAndWasteMemory): + (JSC::JSDataView::getTypedArrayImpl): + (JSC::JSDataView::createStructure): + * runtime/JSDataView.h: Added. + * runtime/JSDataViewPrototype.cpp: Added. + (JSC::JSDataViewPrototype::JSDataViewPrototype): + (JSC::JSDataViewPrototype::create): + (JSC::JSDataViewPrototype::createStructure): + (JSC::JSDataViewPrototype::getOwnPropertySlot): + (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): + (JSC::getData): + (JSC::setData): + (JSC::dataViewProtoFuncGetInt8): + (JSC::dataViewProtoFuncGetInt16): + (JSC::dataViewProtoFuncGetInt32): + (JSC::dataViewProtoFuncGetUint8): + (JSC::dataViewProtoFuncGetUint16): + (JSC::dataViewProtoFuncGetUint32): + (JSC::dataViewProtoFuncGetFloat32): + (JSC::dataViewProtoFuncGetFloat64): + (JSC::dataViewProtoFuncSetInt8): + (JSC::dataViewProtoFuncSetInt16): + (JSC::dataViewProtoFuncSetInt32): + (JSC::dataViewProtoFuncSetUint8): + (JSC::dataViewProtoFuncSetUint16): + (JSC::dataViewProtoFuncSetUint32): + (JSC::dataViewProtoFuncSetFloat32): + (JSC::dataViewProtoFuncSetFloat64): + * runtime/JSDataViewPrototype.h: Added. + * runtime/JSFloat32Array.h: Added. + * runtime/JSFloat64Array.h: Added. + * runtime/JSGenericTypedArrayView.h: Added. + (JSC::JSGenericTypedArrayView::byteLength): + (JSC::JSGenericTypedArrayView::byteSize): + (JSC::JSGenericTypedArrayView::typedVector): + (JSC::JSGenericTypedArrayView::canGetIndexQuickly): + (JSC::JSGenericTypedArrayView::canSetIndexQuickly): + (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): + (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): + (JSC::JSGenericTypedArrayView::getIndexQuickly): + (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): + (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): + (JSC::JSGenericTypedArrayView::setIndexQuickly): + (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): + (JSC::JSGenericTypedArrayView::typedImpl): + (JSC::JSGenericTypedArrayView::createStructure): + (JSC::JSGenericTypedArrayView::info): + (JSC::toNativeTypedView): + * runtime/JSGenericTypedArrayViewConstructor.h: Added. + * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. + (JSC::::JSGenericTypedArrayViewConstructor): + (JSC::::finishCreation): + (JSC::::create): + (JSC::::createStructure): + (JSC::constructGenericTypedArrayView): + (JSC::::getConstructData): + (JSC::::getCallData): + * runtime/JSGenericTypedArrayViewInlines.h: Added. + (JSC::::JSGenericTypedArrayView): + (JSC::::create): + (JSC::::createUninitialized): + (JSC::::validateRange): + (JSC::::setWithSpecificType): + (JSC::::set): + (JSC::::getOwnPropertySlot): + (JSC::::getOwnPropertyDescriptor): + (JSC::::put): + (JSC::::defineOwnProperty): + (JSC::::deleteProperty): + (JSC::::getOwnPropertySlotByIndex): + (JSC::::putByIndex): + (JSC::::deletePropertyByIndex): + (JSC::::getOwnNonIndexPropertyNames): + (JSC::::getOwnPropertyNames): + (JSC::::visitChildren): + (JSC::::copyBackingStore): + (JSC::::slowDownAndWasteMemory): + (JSC::::getTypedArrayImpl): + * runtime/JSGenericTypedArrayViewPrototype.h: Added. + * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. + (JSC::genericTypedArrayViewProtoFuncSet): + (JSC::genericTypedArrayViewProtoFuncSubarray): + (JSC::::JSGenericTypedArrayViewPrototype): + (JSC::::finishCreation): + (JSC::::create): + (JSC::::createStructure): + * runtime/JSGlobalObject.cpp: + (JSC::JSGlobalObject::reset): + (JSC::JSGlobalObject::visitChildren): + * runtime/JSGlobalObject.h: + (JSC::JSGlobalObject::arrayBufferPrototype): + (JSC::JSGlobalObject::arrayBufferStructure): + (JSC::JSGlobalObject::typedArrayStructure): + * runtime/JSInt16Array.h: Added. + * runtime/JSInt32Array.h: Added. + * runtime/JSInt8Array.h: Added. + * runtime/JSTypedArrayConstructors.cpp: Added. + * runtime/JSTypedArrayConstructors.h: Added. + * runtime/JSTypedArrayPrototypes.cpp: Added. + * runtime/JSTypedArrayPrototypes.h: Added. + * runtime/JSTypedArrays.cpp: Added. + * runtime/JSTypedArrays.h: Added. + * runtime/JSUint16Array.h: Added. + * runtime/JSUint32Array.h: Added. + * runtime/JSUint8Array.h: Added. + * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: - (JSC::jsString): - (JSC::jsStringFromArguments): - -2012-04-27 Oliver Hunt - - Correct assertion. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): - -2012-04-27 Oliver Hunt - - Lazy link phase of baseline jit fails to propagate exception - https://bugs.webkit.org/show_bug.cgi?id=85092 + * runtime/Options.h: + * runtime/SimpleTypedArrayController.cpp: Added. + (JSC::SimpleTypedArrayController::SimpleTypedArrayController): + (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): + (JSC::SimpleTypedArrayController::toJS): + * runtime/SimpleTypedArrayController.h: Added. + * runtime/Structure.h: + (JSC::Structure::couldHaveIndexingHeader): + * runtime/StructureInlines.h: + (JSC::Structure::hasIndexingHeader): + * runtime/TypedArrayAdaptors.h: Added. + (JSC::IntegralTypedArrayAdaptor::toNative): + (JSC::IntegralTypedArrayAdaptor::toJSValue): + (JSC::IntegralTypedArrayAdaptor::toDouble): + (JSC::FloatTypedArrayAdaptor::toNative): + (JSC::FloatTypedArrayAdaptor::toJSValue): + (JSC::FloatTypedArrayAdaptor::toDouble): + (JSC::Uint8ClampedAdaptor::toNative): + (JSC::Uint8ClampedAdaptor::toJSValue): + (JSC::Uint8ClampedAdaptor::toDouble): + (JSC::Uint8ClampedAdaptor::clamp): + * runtime/TypedArrayController.cpp: Added. + (JSC::TypedArrayController::TypedArrayController): + (JSC::TypedArrayController::~TypedArrayController): + * runtime/TypedArrayController.h: Added. + * runtime/TypedArrayDescriptor.h: Removed. + * runtime/TypedArrayInlines.h: Added. + * runtime/TypedArrayType.cpp: Added. + (JSC::classInfoForType): + (WTF::printInternal): + * runtime/TypedArrayType.h: Added. + (JSC::toIndex): + (JSC::isTypedView): + (JSC::elementSize): + (JSC::isInt): + (JSC::isFloat): + (JSC::isSigned): + (JSC::isClamped): + * runtime/TypedArrays.h: Added. + * runtime/Uint16Array.h: + * runtime/Uint32Array.h: + * runtime/Uint8Array.h: + * runtime/Uint8ClampedArray.h: + * runtime/VM.cpp: + (JSC::VM::VM): + (JSC::VM::~VM): + * runtime/VM.h: + +2013-08-15 Oliver Hunt + + Assigning to a readonly global results in DFG byte code parse failure Reviewed by Filip Pizlo. - Very simple patch, when linking produces an error we need to actually store - the exception prior to throwing it. I can't find any other examples of this, - but as we're already in the slow path when throwing an exception I've hardened - exception throwing against null exceptions. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): - * jit/JITStubs.cpp: - (JSC::lazyLinkFor): - -2012-04-27 Benjamin Poulain - - Generalize the single character optimization of numberProtoFuncToString - https://bugs.webkit.org/show_bug.cgi?id=85027 - - Reviewed by Geoffrey Garen. - - The function numberProtoFuncToString() has an optimization to use SmallStrings::singleCharacterString() - when the radix is 36. - - This patch generalize the optimization for any radix. Any positive number smaller than its radix - can be represented by a single character of radixDigits. - - This makes numberProtoFuncToString() about twice as fast for this case of single digit conversion. - - * runtime/NumberPrototype.cpp: - (JSC::numberProtoFuncToString): - -2012-04-27 Gavin Peters - - Add new ENABLE_LINK_PRERENDER define to control the Prerendering API - https://bugs.webkit.org/show_bug.cgi?id=84871 - - Reviewed by Adam Barth. - - Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering - API separates it from prefetching. Having separate include guards lets ports enable prefetching, - a relatively easy change, without needing to build the infrastructure for prerendering, which - is considerably more complicated. - - * Configurations/FeatureDefines.xcconfig: - -2012-04-26 Oliver Hunt + Make sure dfgCapabilities doesn't report a Dynamic put as + being compilable when we don't actually support it. - Allocating WeakImpl should not trigger GC, as that makes the world very tricksy. - https://bugs.webkit.org/show_bug.cgi?id=85020 - - Reviewed by Gavin Barraclough. - - Now in the event that we are unable to find an allocator for a new handle, just - add a new allocator rather than trying to recover "dead" handles through a GC. + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dumpBytecode): + * dfg/DFGCapabilities.cpp: + (JSC::DFG::capabilityLevel): - Find allocator is now much simpler, and addAllocator directly reports the - increased memory usage to the heap without causing any GC to happen immediately. +2013-08-15 Brent Fulgham - * heap/WeakSet.cpp: - (JSC::WeakSet::findAllocator): - (JSC::WeakSet::addAllocator): + [Windows] Incorrect DLL Linkage for JSC ArrayBuffer and ArrayBufferView + https://bugs.webkit.org/show_bug.cgi?id=119847 -2012-04-26 Oliver Hunt + Reviewed by Oliver Hunt. - Remove RegisterFile::end()/m_end - https://bugs.webkit.org/show_bug.cgi?id=85011 + * runtime/ArrayBuffer.h: Switch from WTF_EXPORT_PRIVATE to JS_EXPORT_PRIVATE + * runtime/ArrayBufferView.h: Ditto. - Reviewed by Gavin Barraclough. +2013-08-15 Gavin Barraclough - Get rid of end() and m_end from RegisterFile. From now on - we only care about the end of the committed region when calling - code. When re-entering the VM we now plant the new CallFrame - immediately after whatever the current topCallFrame is. This - required adding a routine to CallFrame to determine exactly what - we should be doing (in the absence of an existing CallFrame, we - can't reason about the frameExtent() so we check for that). + https://bugs.webkit.org/show_bug.cgi?id=119843 + PropertySlot::setValue is ambiguous - This also now means that the GC only marks the portion of the - RegisterFile that is actually in use, and that VM re-entry doesn't - exhaust the RegisterFile as rapidly. + Reviewed by Geoff Garen. - * dfg/DFGOperations.cpp: - * heap/Heap.cpp: - (JSC::Heap::getConservativeRegisterRoots): - (JSC::Heap::markRoots): - * interpreter/CallFrame.h: - (JSC::ExecState::init): - (JSC::ExecState::startOfReusableRegisterFile): - (ExecState): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - (JSC::Interpreter::executeCall): - (JSC::Interpreter::executeConstruct): - (JSC::Interpreter::prepareForRepeatCall): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC::Interpreter::execute): - * interpreter/RegisterFile.cpp: - (JSC::RegisterFile::growSlowCase): - (JSC::RegisterFile::gatherConservativeRoots): - * interpreter/RegisterFile.h: - (JSC::RegisterFile::commitEnd): - (JSC::RegisterFile::addressOfEnd): - (RegisterFile): - (JSC::RegisterFile::RegisterFile): - (JSC::RegisterFile::shrink): - (JSC::RegisterFile::grow): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - (JSC::jitCompileFor): - (JSC::lazyLinkFor): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::handleHostCall): - * llint/LowLevelInterpreter.asm: - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::arityCheckFor): + There are three different versions of PropertySlot::setValue, one for cacheable properties, and two that are used interchangeably and inconsistently. + The problematic variants are the ones that just take a value, and one that takes a value and also the object containing the property. + Unify on always providing the object, and remove the version that just takes a value. + This always works except for JSString, where we optimize out the object (logically we should be instantiating a temporary StringObject on every property access). + Provide a version of setValue that takes a JSString as the owner of the property. + We won't store this, but it makes it clear that this interface should only be used from JSString. -2012-04-26 Filip Pizlo + * API/JSCallbackObjectFunctions.h: + (JSC::::getOwnPropertySlot): + * JSCTypedArrayStubs.h: + * runtime/Arguments.cpp: + (JSC::Arguments::getOwnPropertySlotByIndex): + (JSC::Arguments::getOwnPropertySlot): + * runtime/JSActivation.cpp: + (JSC::JSActivation::symbolTableGet): + (JSC::JSActivation::getOwnPropertySlot): + * runtime/JSArray.cpp: + (JSC::JSArray::getOwnPropertySlot): + * runtime/JSObject.cpp: + (JSC::JSObject::getOwnPropertySlotByIndex): + * runtime/JSString.h: + (JSC::JSString::getStringPropertySlot): + * runtime/JSSymbolTableObject.h: + (JSC::symbolTableGet): + * runtime/SparseArrayValueMap.cpp: + (JSC::SparseArrayEntry::get): + - Pass object containing property to PropertySlot::setValue + * runtime/PropertySlot.h: + (JSC::PropertySlot::setValue): + - Logically, the base of a string property access is a temporary StringObject, but we optimize that away. + (JSC::PropertySlot::setUndefined): + - removed setValue(JSValue), added setValue(JSString*, JSValue) - DFG ARMv7 backend should optimize Float32 arrays - https://bugs.webkit.org/show_bug.cgi?id=85000 - +2013-08-15 Oliver Hunt - Reviewed by Gavin Barraclough. + Remove bogus assertion. - * assembler/ARMv7Assembler.h: - (ARMv7Assembler): - (JSC::ARMv7Assembler::flds): - (JSC::ARMv7Assembler::fsts): - (JSC::ARMv7Assembler::vcvtds): - (JSC::ARMv7Assembler::vcvtsd): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::loadFloat): - (MacroAssemblerARMv7): - (JSC::MacroAssemblerARMv7::storeFloat): - (JSC::MacroAssemblerARMv7::convertFloatToDouble): - (JSC::MacroAssemblerARMv7::convertDoubleToFloat): - * bytecode/PredictedType.h: - (JSC::isActionableFloatMutableArrayPrediction): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateFloat32Array): + RS=Filip Pizlo -2012-04-25 Benjamin Poulain + * dfg/DFGAbstractInterpreterInlines.h: + (JSC::DFG::::executeEffects): - Add a version of StringImpl::find() without offset - https://bugs.webkit.org/show_bug.cgi?id=83968 +2013-08-15 Allan Sandfeld Jensen - Reviewed by Sam Weinig. + REGRESSION(r148790) Made 7 tests fail on x86 32bit + https://bugs.webkit.org/show_bug.cgi?id=114913 - Add support for the new StringImpl::find() to UString. + Reviewed by Filip Pizlo. - Change stringProtoFuncIndexOf() to specifically take advatage of the feature. - This gives a 12% gains on a distribution of strings between 30 and 100 characters. + The X87 register was not freed before some calls. Instead + of inserting resetX87Registers to the last call sites, + the two X87 registers are now freed in every call. - * runtime/StringPrototype.cpp: - (JSC::substituteBackreferences): - (JSC::stringProtoFuncIndexOf): - * runtime/UString.h: - (UString): - (JSC::UString::find): + * llint/LowLevelInterpreter32_64.asm: + * llint/LowLevelInterpreter64.asm: + * offlineasm/instructions.rb: + * offlineasm/x86.rb: -2012-04-25 Mark Hahnenberg +2013-08-14 Michael Saboff - WebCore shouldn't call collectAllGarbage directly - https://bugs.webkit.org/show_bug.cgi?id=84897 + Fixed jit on Win64. + https://bugs.webkit.org/show_bug.cgi?id=119601 - Reviewed by Geoffrey Garen. + Reviewed by Oliver Hunt. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported symbol - for reportAbanondedObjectGraph so WebCore can use it. - * heap/Heap.h: Ditto. + * jit/JITStubsMSVC64.asm: Added ctiVMThrowTrampolineSlowpath implementation. + * jit/JSInterfaceJIT.h: Added thirdArgumentRegister. + * jit/SlowPathCall.h: + (JSC::JITSlowPathCall::call): Added correct calling convention for Win64. -2012-04-25 Oliver Hunt +2013-08-14 Alex Christensen - Biolab disaster crashes on ToT - https://bugs.webkit.org/show_bug.cgi?id=84898 + Compile fix for Win64 with jit disabled. + https://bugs.webkit.org/show_bug.cgi?id=119804 - Reviewed by Filip Pizlo. + Reviewed by Michael Saboff. - Whoops, committed without saving reviewer requested change. + * offlineasm/cloop.rb: Added std:: before isnan. - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): +2013-08-14 Julien Brianceau -2012-04-25 Oliver Hunt + DFG_JIT implementation for sh4 architecture. + https://bugs.webkit.org/show_bug.cgi?id=119737 - Biolab disaster crashes on ToT - https://bugs.webkit.org/show_bug.cgi?id=84898 + Reviewed by Oliver Hunt. - Reviewed by Filip Pizlo. + * assembler/MacroAssemblerSH4.h: + (JSC::MacroAssemblerSH4::invert): + (JSC::MacroAssemblerSH4::add32): + (JSC::MacroAssemblerSH4::and32): + (JSC::MacroAssemblerSH4::lshift32): + (JSC::MacroAssemblerSH4::mul32): + (JSC::MacroAssemblerSH4::or32): + (JSC::MacroAssemblerSH4::rshift32): + (JSC::MacroAssemblerSH4::sub32): + (JSC::MacroAssemblerSH4::xor32): + (JSC::MacroAssemblerSH4::store32): + (JSC::MacroAssemblerSH4::swapDouble): + (JSC::MacroAssemblerSH4::storeDouble): + (JSC::MacroAssemblerSH4::subDouble): + (JSC::MacroAssemblerSH4::mulDouble): + (JSC::MacroAssemblerSH4::divDouble): + (JSC::MacroAssemblerSH4::negateDouble): + (JSC::MacroAssemblerSH4::zeroExtend32ToPtr): + (JSC::MacroAssemblerSH4::branchTruncateDoubleToUint32): + (JSC::MacroAssemblerSH4::truncateDoubleToUint32): + (JSC::MacroAssemblerSH4::swap): + (JSC::MacroAssemblerSH4::jump): + (JSC::MacroAssemblerSH4::branchNeg32): + (JSC::MacroAssemblerSH4::branchAdd32): + (JSC::MacroAssemblerSH4::branchMul32): + (JSC::MacroAssemblerSH4::urshift32): + * assembler/SH4Assembler.h: + (JSC::SH4Assembler::SH4Assembler): + (JSC::SH4Assembler::labelForWatchpoint): + (JSC::SH4Assembler::label): + (JSC::SH4Assembler::debugOffset): + * dfg/DFGAssemblyHelpers.h: + (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall): + (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn): + (JSC::DFG::AssemblyHelpers::debugCall): + * dfg/DFGCCallHelpers.h: + (JSC::DFG::CCallHelpers::setupArguments): + (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): + * dfg/DFGFPRInfo.h: + (JSC::DFG::FPRInfo::toRegister): + (JSC::DFG::FPRInfo::toIndex): + (JSC::DFG::FPRInfo::debugName): + * dfg/DFGGPRInfo.h: + (JSC::DFG::GPRInfo::toRegister): + (JSC::DFG::GPRInfo::toIndex): + (JSC::DFG::GPRInfo::debugName): + * dfg/DFGOperations.cpp: + * dfg/DFGSpeculativeJIT.h: + (JSC::DFG::SpeculativeJIT::callOperation): + * jit/JITStubs.h: + * jit/JITStubsSH4.h: - I recently added an assertion to the Interpreter to catch incorrect - updates of topCallFrame. This caused a bunch of sites (including biolab - disaster) to crash as we were not correctly handling callee registers - of inlined functions, leading to a mismatch. +2013-08-13 Filip Pizlo - I could not actually make this trigger directly, although it does trigger - already on some of the GTK and QT bots. + Unreviewed, fix build. - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): + * API/JSValue.mm: + (isDate): + (isArray): + * API/JSWrapperMap.mm: + (tryUnwrapObjcObject): + * API/ObjCCallbackFunction.mm: + (tryUnwrapBlock): -2012-04-25 Kenneth Russell +2013-08-13 Filip Pizlo - Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced - https://bugs.webkit.org/show_bug.cgi?id=83655 + Foo::s_info should be Foo::info(), so that you can change how the s_info is actually linked + https://bugs.webkit.org/show_bug.cgi?id=119770 - Reviewed by Oliver Hunt. + Reviewed by Mark Hahnenberg. - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.order: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/PredictedType.cpp: - (JSC::predictionToString): - (JSC::predictionToAbbreviatedString): - (JSC::predictionFromClassInfo): - * bytecode/PredictedType.h: - (JSC): - (JSC::isActionableIntMutableArrayPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - (JSC::DFG::AbstractState::execute): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::fixupNode): - * dfg/DFGNode.h: - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGOperations.cpp: - (JSC::DFG::putByVal): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::ValueSource::forPrediction): - (SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jit/JITStubs.h: - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::getByVal): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - * runtime/JSByteArray.cpp: Removed. - * runtime/JSByteArray.h: Removed. - * runtime/JSGlobalData.cpp: - -2012-04-25 Filip Pizlo - - http://bellard.org/jslinux/ triggers an assertion failure in the DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=84815 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): - -2012-04-25 Michael Saboff - - Closure in try {} with catch captures all locals from the enclosing function - https://bugs.webkit.org/show_bug.cgi?id=84804 - - Reviewed by Oliver Hunt. - - Changed the capturing of local variables from capturing when eval is used, - within a "with" or within a "catch" to be just when an eval is used. - Renamed the function returning that we should capture from - getCapturedVariables() to usesEval(), since that what it noew returns. - Needed to fix the "with" code to only range check when the activation - has actually been torn off. Added m_isTornOff to JSActivation to - track this. - - * parser/Parser.h: - (JSC::Scope::usesEval): - (JSC::Scope::getCapturedVariables): - * runtime/JSActivation.cpp: - (JSC::JSActivation::JSActivation): - (JSC::JSActivation::symbolTableGet): - (JSC::JSActivation::symbolTablePut): - * runtime/JSActivation.h: - (JSActivation): - (JSC::JSActivation::tearOff): - -2012-04-24 Mark Hahnenberg - - GC Activity Callback timer should be based on how much has been allocated since the last collection - https://bugs.webkit.org/show_bug.cgi?id=84763 - - Reviewed by Geoffrey Garen. - - The desired behavior for the GC timer is to collect at some point in the future, - regardless of how little we've allocated. A secondary goal, which is almost if not - as important, is for the timer to collect sooner if there is the potential to - collect a greater amount of memory. Conversely, as we allocate more memory we'd - like to reduce the delay to the next collection. If we're allocating quickly enough, - the timer should be preempted in favor of a normal allocation-triggered collection. - If allocation were to slow or stop, we'd like the timer to be able to opportunistically - run a collection without us having to allocate to the hard limit set by the Heap. - - This type of policy can be described in terms of the amount of CPU we are willing - to dedicate to reclaim a single MB of memory. For example, we might be willing to - dedicate 1% of our CPU to reclaim 1 MB. We base our CPU usage off of the length of - the last collection, e.g. if our last collection took 1ms, we would want to wait about - 100ms before running another collection to reclaim 1 MB. These constants should be - tune-able, e.g. 0.1% CPU = 1 MB vs. 1% CPU = 1 MB vs. 10% CPU = 1 MB. - - * API/JSBase.cpp: Use the new reportAbandonedObjectGraph. - (JSGarbageCollect): - * API/JSContextRef.cpp: Ditto. - * heap/Heap.cpp: - (JSC::Heap::Heap): - (JSC::Heap::reportAbandonedObjectGraph): Similar to reportExtraMemoryCost. Clients call - this function to notify the Heap that some unknown number of JSC objects might have just - been abandoned and are now garbage. The Heap might schedule a new collection timer based - on this notification. - (JSC): - (JSC::Heap::collect): Renamed m_lastFullGCSize to the less confusing m_sizeAfterLastCollect. - * heap/Heap.h: - (Heap): - * heap/MarkedAllocator.h: - (JSC::MarkedAllocator::zapFreeList): Fixed a bug in zapFreeList that failed to nullify the - current allocator's FreeList once zapping was complete. - * runtime/GCActivityCallback.cpp: Removed didAbandonObjectGraph because it was replaced by - Heap::reportAbandonedObjectGraph. - (JSC): - * runtime/GCActivityCallback.h: - (JSC::GCActivityCallback::willCollect): - (DefaultGCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: Refactored the GC timer code so that we now schedule the - timer based on how much we have allocated since the last collection up to a certain amount. - We use the length of the previous GC to try to keep our total cost of opportunistic timer-triggered - collections around 1% of the CPU per MB of garbage we expect to reclaim up to a maximum of 5 MB. - (DefaultGCActivityCallbackPlatformData): - (JSC): - (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback): - (JSC::DefaultGCActivityCallback::commonConstructor): - (JSC::scheduleTimer): - (JSC::cancelTimer): - (JSC::DefaultGCActivityCallback::didAllocate): - -2012-04-24 Michael Saboff - - objectProtoFuncToString creates new string every invocation - https://bugs.webkit.org/show_bug.cgi?id=84781 - - Reviewed by Geoffrey Garen. - - Cache the results of object toString() in the attached Structure. - - * runtime/ObjectPrototype.cpp: - (JSC::objectProtoFuncToString): - * runtime/Structure.cpp: - (JSC::Structure::visitChildren): visit new m_hasObjectToStringValue. - * runtime/Structure.h: Added new member m_hasObjectToStringValue - (JSC): - (JSC::Structure::objectToStringValue): - (Structure): - (JSC::Structure::setObjectToStringValue): - -2012-04-24 Thouraya ANDOLSI - - Reviewed by Oliver Hunt. - - https://bugs.webkit.org/show_bug.cgi?id=84727. - Fix build when ENABLE_JIT_CONSTANT_BLINDING enabled. - - * assembler/MacroAssemblerSH4.h: - (JSC::MacroAssemblerSH4::or32): - (JSC::MacroAssemblerSH4::and32): - (JSC::MacroAssemblerSH4::lshift32): - (JSC::MacroAssemblerSH4::xor32): - (JSC::MacroAssemblerSH4::branchSub32): - (JSC::MacroAssemblerSH4::urshift32): - -2012-04-24 Gavin Barraclough - - Add explicit patchableBranchPtrWithPatch/patchableJump methods - https://bugs.webkit.org/show_bug.cgi?id=84498 - - Reviewed by Filip Pizlo. - - Don't rely on inUninterruptedSequence to distinguish which jumps we need to be able to repatch. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::PatchableJump::PatchableJump): - (PatchableJump): - (JSC::AbstractMacroAssembler::PatchableJump::operator Jump&): - (AbstractMacroAssembler): - (JSC::AbstractMacroAssembler::AbstractMacroAssembler): - - Added PatchableJump type, removed inUninterruptedSequence. - * assembler/LinkBuffer.h: - (LinkBuffer): - (JSC::LinkBuffer::locationOf): - - Only allow the location to be taken of patchable branches - * assembler/MacroAssembler.h: - (MacroAssembler): - (JSC::MacroAssembler::patchableBranchPtrWithPatch): - (JSC::MacroAssembler::patchableJump): - (JSC::MacroAssembler::shouldBlind): - - Added default implementation of patchableBranchPtrWithPatch, patchableJump. - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::MacroAssemblerARMv7): - (MacroAssemblerARMv7): - (JSC::MacroAssemblerARMv7::patchableBranchPtrWithPatch): - (JSC::MacroAssemblerARMv7::patchableJump): - (JSC::MacroAssemblerARMv7::jump): - (JSC::MacroAssemblerARMv7::makeBranch): - - Added ARMv7 implementation of patchableBranchPtrWithPatch, patchableJump. - * dfg/DFGCorrectableJumpPoint.h: - (DFG): - (JSC::DFG::CorrectableJumpPoint::switchToLateJump): - - Late jumps are PatchableJumps. - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::linkOSRExits): - - replace use of inUninterruptedSequence - * dfg/DFGJITCompiler.h: - (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord): - (PropertyAccessRecord): - - replace use of inUninterruptedSequence - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::cachedGetById): - (JSC::DFG::SpeculativeJIT::cachedPutById): - - replace use of inUninterruptedSequence - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::cachedGetById): - (JSC::DFG::SpeculativeJIT::cachedPutById): - - replace use of inUninterruptedSequence - * jit/JIT.h: - (PropertyStubCompilationInfo): - - replace use of inUninterruptedSequence - * jit/JITInlineMethods.h: - (JSC::JIT::beginUninterruptedSequence): - (JSC::JIT::endUninterruptedSequence): - - replace use of inUninterruptedSequence - * jit/JITPropertyAccess.cpp: - (JSC::JIT::compileGetByIdHotPath): - - replace use of inUninterruptedSequence - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::compileGetByIdHotPath): - - replace use of inUninterruptedSequence - -2012-04-24 Benjamin Poulain - - Generalize the single character optimization of r114072 - https://bugs.webkit.org/show_bug.cgi?id=83961 - - Reviewed by Eric Seidel. - - Use the regular String::find(StringImpl*) in all cases now that it has been made faster. - - * runtime/StringPrototype.cpp: - (JSC::replaceUsingStringSearch): - -2012-04-24 Filip Pizlo - - Unreviewed, 32-bit build fix. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-04-24 Filip Pizlo - - DFG performs incorrect DCE on (some?) intrinsics - https://bugs.webkit.org/show_bug.cgi?id=84746 - - - Reviewed by Oliver Hunt. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::setIntrinsicResult): - (JSC::DFG::ByteCodeParser::handleMinMax): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-04-24 Mark Hahnenberg - - Failure to allocate ArrayStorage in emit_op_new_array leads to poisonous JSArray - https://bugs.webkit.org/show_bug.cgi?id=84648 - - Reviewed by Geoffrey Garen. - - When emit_op_new_array successfully allocates a new JSArray but fails to allocate - the corresponding ArrayStorage for it, it falls back to the out-of-line stub call - to constructArray, which constructs and entirely new JSArray/ArrayStorage pair. - This leaves us with a JSArray hanging around on the stack or in a register that - did not go through its own constructor, thus giving it uninitialized memory in the - two fields that are checked in JSArray::visitChildren. - - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateJSArray): We try to allocate the ArrayStorage first, so that - if we fail we haven't generated the poisonous JSArray that can cause a GC crash. - * jit/JITOpcodes.cpp: - (JSC::JIT::emitSlow_op_new_array): - -2012-04-23 Filip Pizlo - - DFG on ARMv7 should not OSR exit on every integer division - https://bugs.webkit.org/show_bug.cgi?id=84661 - - Reviewed by Oliver Hunt. - - On ARMv7, ArithDiv no longer has to know whether or not to speculate integer (since - that was broken with the introduction of Int32ToDouble) nor does it have to know - whether or not to convert its result to integer. This is now taken care of for free - with the addition of the DoubleAsInt32 node, which represents a double-is-really-int - speculation. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::fixupNode): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::OSRExit::OSRExit): - (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): - * dfg/DFGOSRExit.h: - (OSRExit): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32): - (DFG): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::speculationCheck): - (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-04-24 Geoffrey Garen - - "GlobalHandle" HandleHeap (now WeakSet) allocations grow but do not shrink - https://bugs.webkit.org/show_bug.cgi?id=84740 - - - Reviewed by Gavin Barraclough. - - Shrink! - - * heap/Heap.cpp: - (JSC::Heap::destroy): Be more specific about what's shrinking, since we - can also shrink the WeakSet, but we don't do so here. - - (JSC::Heap::collect): If we're going to shrink the heap, shrink the - WeakSet too. Otherwise, its footprint is permanent. - - * heap/Heap.h: - (Heap): Removed shrink() as a public interface, since it's vague about - which parts of the heap it affects, and it's really an internal detail. - - * heap/WeakSet.cpp: - (JSC::WeakSet::shrink): Nix any free blocks. We assume that sweep() has - already taken place, since that's the convention for shrink() in the heap. - - * heap/WeakSet.h: - (WeakSet): New function! - -2012-04-24 Adam Klein - - Fix includes in StrongInlines.h and ScriptValue.h - https://bugs.webkit.org/show_bug.cgi?id=84659 - - Reviewed by Geoffrey Garen. - - * heap/StrongInlines.h: Include JSGlobalData.h, since JSGlobalData's - definiition is required here. - -2012-04-23 Filip Pizlo - - DFG OSR exit should ensure that all variables have been initialized - https://bugs.webkit.org/show_bug.cgi?id=84653 - - - Reviewed by Gavin Barraclough. - - Initialize all uncaptured dead variables to undefined on OSR exit. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::ValueSource::dump): - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - * dfg/DFGSpeculativeJIT.h: - -2012-04-23 Oliver Hunt - - Call instruction for the baseline JIT stores origin info in wrong callframe - https://bugs.webkit.org/show_bug.cgi?id=84645 - - Reviewed by Gavin Barraclough. - - The baseline JIT was updating the wrong callframe when making a call. If the - call failed during dispatch (unable to perform codegen, calling a non-object) - we would attempt to use this information, but it would be completely wrong. - - * jit/JITCall.cpp: - (JSC::JIT::compileOpCall): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileOpCall): - -2012-04-23 Filip Pizlo - - DFG must keep alive values that it will perform speculations on - https://bugs.webkit.org/show_bug.cgi?id=84638 - - - Reviewed by Oliver Hunt. - - * dfg/DFGNodeType.h: - (DFG): - -2012-04-23 Oliver Hunt - - Fix non-LLInt builds by temporarily removing an over-enthusiastic assertion - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::executeCall): - -2012-04-22 Jon Lee - - Remove notifications support on Mac Lion. - https://bugs.webkit.org/show_bug.cgi?id=84554 - - - Reviewed by Sam Weinig. - - * Configurations/FeatureDefines.xcconfig: - -2012-04-21 Darin Adler - - Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints - https://bugs.webkit.org/show_bug.cgi?id=84523 - - Reviewed by Oliver Hunt. - - Profiles showed that checks against -1 were costly, and I saw they could be eliminated. - Streamlined this code to use standard character types and 0 rather than -1. One benefit - of this is that there's no widening and narrowing. Another is that there are many cases - where we already have the correct behavior for 0, so can eliminate a branch that was - used to test for -1 before. Also eliminates typecasts in the code. - - * parser/Lexer.cpp: - (JSC::Lexer::invalidCharacterMessage): Updated use of String::format since m_current is now a - character type, not an int. - (JSC::Lexer::setCode): Use 0 rather than -1 when past the end. - (JSC::Lexer::shift): Ditto. Also spruced up the comment a bit. - (JSC::Lexer::atEnd): Added. New function that distinguishes an actual 0 character from the end - of the code. This can be used places we used to cheeck for -1. - (JSC::Lexer::peek): Updated to use -1 instead of 0. Removed meaningless comment. - (JSC::Lexer::parseFourDigitUnicodeHex): Changed to use character types instead of int. - (JSC::Lexer::shiftLineTerminator): Removed now-unneeded type casts. Changed local variable that - had a data-member-style name. - (JSC::Lexer::parseIdentifier): Removed now-unneeded explicit checks for -1, since the isIdentPart - function already returns false for the 0 character. Updated types in a couple other places. Used - the atEnd function where needed. - (JSC::Lexer::parseIdentifierSlowCase): More of the same. - (JSC::characterRequiresParseStringSlowCase): Added overloaded helper function for parseString. - (JSC::Lexer::parseString): Ditto. - (JSC::Lexer::parseStringSlowCase): Ditto. - (JSC::Lexer::parseMultilineComment): Ditto. - (JSC::Lexer::lex): More of the same. Also changed code to set the startOffset directly in - the tokenInfo instead of putting it in a local variable first, saving some memory access. - (JSC::Lexer::scanRegExp): Ditto. - (JSC::Lexer::skipRegExp): Ditto. - - * parser/Lexer.h: Changed return type of the peek function and type of m_current from int to - the character type. Added atEnd function. - (JSC::Lexer::setOffset): Used 0 instead of -1 and removed an overzealous attempt to optimize. - (JSC::Lexer::lexExpectIdentifier): Used 0 instead of -1. - -2012-04-21 Darin Adler - - Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints - https://bugs.webkit.org/show_bug.cgi?id=84523 - - Reviewed by Oliver Hunt. - - Separate preparation step of copyright dates, renaming, and other small tweaks. - - * parser/Lexer.cpp: - (JSC::Lexer::invalidCharacterMessage): Removed "get" from name to match WebKit naming conventions. - (JSC::Lexer::peek): Removed meaningless comment. - (JSC::Lexer::parseFourDigitUnicodeHex): Renamed from getUnicodeCharacter to be more precise about - what this function does. - (JSC::Lexer::shiftLineTerminator): Renamed local variable that had a data-member-style name. - (JSC::Lexer::parseStringSlowCase): Updated for new name of parseFourDigitUnicodeHex. - (JSC::Lexer::lex): Updated for new name of invalidCharacterMessage. - - * parser/Lexer.h: Removed an unneeded forward declaration of the RegExp class. - Renamed getInvalidCharMessage to invalidCharacterMessage and made it const. Renamed - getUnicodeCharacter to parseFourDigitUnicodeHex. - -2012-04-20 Filip Pizlo - - DFG should optimize int8 and int16 arrays on ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=84503 - - Reviewed by Oliver Hunt. - - * assembler/ARMv7Assembler.h: - (ARMv7Assembler): - (JSC::ARMv7Assembler::ldrsb): - (JSC::ARMv7Assembler::ldrsh): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::load16Signed): - (JSC::MacroAssemblerARMv7::load8Signed): - * bytecode/PredictedType.h: - (JSC::isActionableIntMutableArrayPrediction): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateInt8Array): - (JSC::DFG::Node::shouldSpeculateInt16Array): - -2012-04-20 Oliver Hunt - - Add an ability to find the extent of a callframe - https://bugs.webkit.org/show_bug.cgi?id=84513 - - Reviewed by Filip Pizlo. - - Add a function to get the extent of a callframe and - use that function for a new assertion to make sure the - RegisterFile makes sense using that information. - - * interpreter/CallFrame.cpp: - (JSC::CallFrame::frameExtentInternal): - (JSC): - * interpreter/CallFrame.h: - (JSC::ExecState::frameExtent): - (ExecState): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::executeCall): - -2012-04-20 Benjamin Poulain - - Inline the JSArray constructor - https://bugs.webkit.org/show_bug.cgi?id=84416 - - Reviewed by Geoffrey Garen. - - The constructor is trivial, no reason to jump for it. - - This makes the creation of array ~5% faster (on non-trivial cases, no empty arrays). - - * runtime/JSArray.cpp: - (JSC): - * runtime/JSArray.h: - (JSC::JSArray::JSArray): - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-04-20 Mark Hahnenberg - - Heap should cancel GC timer at the start of the collection - https://bugs.webkit.org/show_bug.cgi?id=84477 - - Reviewed by Geoffrey Garen. - - Currently the Heap cancels the GC timer at the conclusion of a collection. - We should change this to be at the beginning because something (e.g. a finalizer) - could call didAbandonObjectGraph(), which will schedule the timer, but then - we'll immediately unschedule the timer at the conclusion of the collection, - thus potentially preventing large swaths of memory from being reclaimed in a timely manner. - - * API/JSBase.cpp: - (JSGarbageCollect): Remove outdated fix-me and remove check for whether the Heap is - busy or not, since we're just scheduling a timer to run a GC in the future. - * heap/Heap.cpp: - (JSC::Heap::collect): Rename didCollect to willCollect and move the call to the - top of Heap::collect. - * runtime/GCActivityCallback.cpp: Renamed didCollect to willCollect. - (JSC::DefaultGCActivityCallback::willCollect): - * runtime/GCActivityCallback.h: Ditto. - (JSC::GCActivityCallback::willCollect): - (DefaultGCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: Ditto. - (JSC::DefaultGCActivityCallback::willCollect): - -2012-04-20 Mark Hahnenberg - - JSGarbageCollect should not call collectAllGarbage() - https://bugs.webkit.org/show_bug.cgi?id=84476 - - Reviewed by Geoffrey Garen. - - * API/JSBase.cpp: - (JSGarbageCollect): Notify the Heap's GCActivityCallback using didAbandonObjectGraph. - -2012-04-19 Oliver Hunt - - Exception stack traces aren't complete when the exception starts in native code - https://bugs.webkit.org/show_bug.cgi?id=84073 - - Reviewed by Filip Pizlo. - - Refactored building the stack trace to so that we can construct - it earlier, and don't rely on any prior work performed in the - exception handling machinery. Also updated LLInt and the DFG to - completely initialise the callframes of host function calls. - - Also fixed a few LLInt paths that failed to correctly update the - topCallFrame. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * dfg/DFGJITCompiler.h: - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * interpreter/Interpreter.cpp: - (JSC::eval): - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::addStackTraceIfNecessary): - (JSC): - (JSC::Interpreter::throwException): - * interpreter/Interpreter.h: - (Interpreter): - * jit/JITCall.cpp: - (JSC::JIT::compileOpCall): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileOpCall): - * jit/JITOpcodes.cpp: - (JSC::JIT::privateCompileCTINativeCall): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::privateCompileCTINativeCall): - * jsc.cpp: - (functionJSCStack): - * llint/LLIntExceptions.cpp: - (JSC::LLInt::interpreterThrowInCaller): - (JSC::LLInt::returnToThrow): - (JSC::LLInt::callToThrow): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::handleHostCall): - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - * parser/Parser.h: - (JSC::::parse): - * runtime/Error.cpp: - (JSC::addErrorInfo): - (JSC::throwError): - * runtime/Error.h: - (JSC): - -2012-04-19 Mark Hahnenberg - - We're collecting pathologically due to small allocations - https://bugs.webkit.org/show_bug.cgi?id=84404 - - Reviewed by Geoffrey Garen. - - No change in performance on run-jsc-benchmarks. - - * dfg/DFGSpeculativeJIT.h: Replacing m_firstFreeCell with m_freeList. - (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): - * heap/CopiedSpace.cpp: Getting rid of any water mark related stuff, since it's no - longer useful. - (JSC::CopiedSpace::CopiedSpace): - (JSC::CopiedSpace::tryAllocateSlowCase): We now only call didAllocate here rather than - carrying out a somewhat complicated accounting job for our old water mark throughout CopiedSpace. - (JSC::CopiedSpace::tryAllocateOversize): Call the new didAllocate to notify the Heap of - newly allocated stuff. - (JSC::CopiedSpace::tryReallocateOversize): - (JSC::CopiedSpace::doneFillingBlock): - (JSC::CopiedSpace::doneCopying): - (JSC::CopiedSpace::destroy): - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/CopiedSpaceInlineMethods.h: - (JSC::CopiedSpace::startedCopying): - * heap/Heap.cpp: Removed water mark related stuff, replaced with new bytesAllocated and - bytesAllocatedLimit to track how much memory has been allocated since the last collection. - (JSC::Heap::Heap): - (JSC::Heap::reportExtraMemoryCostSlowCase): - (JSC::Heap::collect): We now set the new limit of bytes that we can allocate before triggering - a collection to be the size of the Heap after the previous collection. Thus, we still have our - 2x allocation amount. - (JSC::Heap::didAllocate): Notifies the GC activity timer of how many bytes have been allocated - thus far and then adds the new number of bytes to the current total. - (JSC): - * heap/Heap.h: Removed water mark related stuff. - (JSC::Heap::notifyIsSafeToCollect): - (Heap): - (JSC::Heap::shouldCollect): - (JSC): - * heap/MarkedAllocator.cpp: - (JSC::MarkedAllocator::tryAllocateHelper): Refactored to use MarkedBlock's new FreeList struct. - (JSC::MarkedAllocator::allocateSlowCase): - (JSC::MarkedAllocator::addBlock): - * heap/MarkedAllocator.h: - (MarkedAllocator): - (JSC::MarkedAllocator::MarkedAllocator): - (JSC::MarkedAllocator::allocate): - (JSC::MarkedAllocator::zapFreeList): Refactored to take in a FreeList instead of a FreeCell. - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::specializedSweep): - (JSC::MarkedBlock::sweep): - (JSC::MarkedBlock::sweepHelper): - (JSC::MarkedBlock::zapFreeList): - * heap/MarkedBlock.h: - (FreeList): Added a new struct that keeps track of the current MarkedAllocator's - free list including the number of bytes of stuff in the free list so that when the free list is - exhausted, the correct amount can be reported to Heap. - (MarkedBlock): - (JSC::MarkedBlock::FreeList::FreeList): - (JSC): - * heap/MarkedSpace.cpp: Removing all water mark related stuff. - (JSC::MarkedSpace::MarkedSpace): - (JSC::MarkedSpace::resetAllocators): - * heap/MarkedSpace.h: - (MarkedSpace): - (JSC): - * heap/WeakSet.cpp: - (JSC::WeakSet::findAllocator): Refactored to use the didAllocate interface with the Heap. This - function still needs work though now that the Heap knows how many bytes have been allocated - since the last collection. - * jit/JITInlineMethods.h: Refactored to use MarkedBlock's new FreeList struct. - (JSC::JIT::emitAllocateBasicJSObject): Ditto. - * llint/LowLevelInterpreter.asm: Ditto. - * runtime/GCActivityCallback.cpp: - (JSC::DefaultGCActivityCallback::didAllocate): - * runtime/GCActivityCallback.h: - (JSC::GCActivityCallback::didAllocate): Renamed willAllocate to didAllocate to indicate that - the allocation that is being reported has already taken place. - (DefaultGCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: - (JSC): - (JSC::DefaultGCActivityCallback::didAllocate): Refactored to return early if the amount of - allocation since the last collection is not above a threshold (initially arbitrarily chosen to - be 128KB). - -2012-04-19 Filip Pizlo - - MacroAssemblerARMv7::branchTruncateDoubleToUint32 should obey the overflow signal - https://bugs.webkit.org/show_bug.cgi?id=84401 - - Reviewed by Gavin Barraclough. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32): - -2012-04-19 Don Olmstead - - KeywordLookupGenerator.py should take an output file as an argument - https://bugs.webkit.org/show_bug.cgi?id=84292 - - Reviewed by Eric Seidel. - - Extended KeywordLookupGenerator to accept an additional argument specifying an output file. If this argument is found stdout is redirected to a file for the duration of the script. - - * KeywordLookupGenerator.py: - -2012-04-19 Filip Pizlo - - It should be possible to perform debugCall on ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=84381 - - Reviewed by Oliver Hunt. - - debugCall() was clobbering the argument to the call it was making, leading to a - corrupt ExecState*. This change fixes that issue by using a scratch register that - does not clobber arguments, and it also introduces more assertions that we have - a valid call frame. - - * dfg/DFGAssemblyHelpers.cpp: - (DFG): - (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame): - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::selectScratchGPR): - (AssemblyHelpers): - (JSC::DFG::AssemblyHelpers::debugCall): - (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::linkOSRExits): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::selectScratchGPR): - -2012-04-19 Filip Pizlo - - LLInt no-JIT fallback native call trampoline's exception handler incorrectly assumes that - the PB/PC has been preserved - https://bugs.webkit.org/show_bug.cgi?id=84367 - - Reviewed by Oliver Hunt. - - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - -2012-04-19 Filip Pizlo - - It should be possible to load from Float64 arrays on ARMv7 without crashing - https://bugs.webkit.org/show_bug.cgi?id=84361 - - Reviewed by Oliver Hunt. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::loadDouble): - (JSC::MacroAssemblerARMv7::storeDouble): - -2012-04-19 Dominik Röttsches - - [CMake] Build fix after r114575 - https://bugs.webkit.org/show_bug.cgi?id=84322 - - Reviewed by Simon Hausmann. - - Build fix, adding WTF when linking jsc shell. - - * shell/CMakeLists.txt: - -2012-04-18 Filip Pizlo - - JSC testing should have complete coverage over typed array types - https://bugs.webkit.org/show_bug.cgi?id=84302 - - Reviewed by Geoff Garen. - - Added Uint8ClampedArray to the set of typed arrays that are supported by jsc - command-line. - - * JSCTypedArrayStubs.h: - (JSC): - * jsc.cpp: - (GlobalObject::finishCreation): - -2012-04-18 Filip Pizlo - - jsc command line should support typed arrays by default - https://bugs.webkit.org/show_bug.cgi?id=84298 - - Rubber stamped by Gavin Barraclough. - - * JSCTypedArrayStubs.h: - (JSC): - * jsc.cpp: - (GlobalObject::finishCreation): - -2012-04-18 Filip Pizlo - - JSVALUE32_64 should be able to perform division on ARM without crashing, and variables - forced double should not be scrambled when performing OSR entry - https://bugs.webkit.org/show_bug.cgi?id=84272 - - Reviewed by Geoff Garen. - - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::fixupNode): - * dfg/DFGOSREntry.cpp: - (JSC::DFG::prepareOSREntry): - -2012-04-18 Don Olmstead - - JavaScriptCore.gypi not current - https://bugs.webkit.org/show_bug.cgi?id=84224 - - Reviewed by Eric Seidel. - - Updated JavaScriptCore.gypi to contain the latest sources. Removed os-win32 as it wasn't used. Also removed references to ICU files in the gypi file as ICU is most likely specified by the port itself. - - Private and public header files were determined by looking at copy-files.cmd within Apple's Visual Studio directory. - - * JavaScriptCore.gypi: - -2012-04-18 Benjamin Poulain - - Remove m_subclassData from JSArray, move the attribute to subclass as needed - https://bugs.webkit.org/show_bug.cgi?id=84249 - - Reviewed by Geoffrey Garen. - - JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves - the attribute to RuntimeArray to avoid allocating memory for the pointer in the common - case. - - This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations - of CopiedSpace. - - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateJSArray): - * runtime/JSArray.cpp: - (JSC::JSArray::JSArray): - * runtime/JSArray.h: - -2012-04-18 Benjamin Poulain - - replaceUsingStringSearch: delay the creation of the replace string until needed - https://bugs.webkit.org/show_bug.cgi?id=83841 - - Reviewed by Geoffrey Garen. - - We do not need to obtain the replaceValue until we have a match. By moving the intialization - of replaceValue when needed, we save a few instructions when there is no match. - - * runtime/StringPrototype.cpp: - (JSC::replaceUsingRegExpSearch): - (JSC::replaceUsingStringSearch): - (JSC::stringProtoFuncReplace): - -2012-04-18 Mark Hahnenberg - - GC activity timer should be tied to allocation, not collection - https://bugs.webkit.org/show_bug.cgi?id=83919 - - Reviewed by Geoffrey Garen. - - * API/JSContextRef.cpp: Used the new didAbandonObjectGraph callback to indicate that now that we've - released a global object, we're abandoning a potentially large number of objects that JSC might want - to collect. - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::tryAllocateSlowCase): Added the call to timer's willAllocate function to indicate - that we've hit a slow path and are allocating now, so schedule the timer. - * heap/Heap.cpp: - (JSC::Heap::Heap): - (JSC::Heap::collectAllGarbage): Removed the call to discardAllCompiledCode because it was causing us to - throw away too much code during our benchmarks (especially vp8, which is very large and thus has large - amounts of compiled code). - (JSC::Heap::collect): Added the new call to didCollect at the conclusion of a collection so that we - can cancel the timer if we no longer need to run a collection. Also added a check at the beginning of a - collection to see if we should throw away our compiled code. Currently this is set to happen about once - every minute. - * heap/Heap.h: Added field to keep track of the last time we threw away our compiled code. - * heap/MarkedAllocator.cpp: - (JSC::MarkedAllocator::allocateSlowCase): Added call to willAllocate on the allocation slow path, just like - in CopiedSpace. - * runtime/GCActivityCallback.cpp: Added default stubs for non-CF platforms. - (JSC::DefaultGCActivityCallback::willAllocate): - (JSC): - (JSC::DefaultGCActivityCallback::didCollect): - (JSC::DefaultGCActivityCallback::didAbandonObjectGraph): - * runtime/GCActivityCallback.h: Added new functions to make JSC's GC timer less arcane. This includes replacing - the operator () with willAllocate() and adding an explicit didCollect() to cancel the timer after a collection - occurs rather than relying on the way the timer is invoked to cancel itself. Also added a callback for - when somebody else (e.g. WebCore or the JSC API) to notify JSC that they have just abandoned an entire graph of - objects and that JSC might want to clean them up. - (JSC::GCActivityCallback::~GCActivityCallback): - (JSC::GCActivityCallback::willAllocate): - (JSC::GCActivityCallback::didCollect): - (JSC::GCActivityCallback::didAbandonObjectGraph): - (JSC::GCActivityCallback::synchronize): - (DefaultGCActivityCallback): - * runtime/GCActivityCallbackCF.cpp: Re-wired all the run loop stuff to implement the aforementioned functions. - We added a flag to check whether the timer was active because the call to CFRunLoopTimerSetNextFireDate actually - turned out to be quite expensive (although Instruments couldn't tell us this). - (DefaultGCActivityCallbackPlatformData): - (JSC): - (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): - (JSC::DefaultGCActivityCallback::commonConstructor): - (JSC::scheduleTimer): - (JSC::cancelTimer): - (JSC::DefaultGCActivityCallback::willAllocate): - (JSC::DefaultGCActivityCallback::didCollect): - (JSC::DefaultGCActivityCallback::didAbandonObjectGraph): - -2012-04-17 Filip Pizlo - - DFG should not attempt to get rare case counts for op_mod on ARM - https://bugs.webkit.org/show_bug.cgi?id=84218 - - Reviewed by Geoff Garen. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - * dfg/DFGCommon.h: - (JSC::DFG::isX86): - (DFG): - -2012-04-17 Myles Maxfield - - BumpPointerAllocator assumes page size is less than MINIMUM_BUMP_POOL_SIZE - https://bugs.webkit.org/show_bug.cgi?id=80912 - - Reviewed by Hajime Morita. - - * wtf/BumpPointerAllocator.h: - (WTF::BumpPointerPool::create): - -2012-04-17 Filip Pizlo - - Attempt to fix Windows build. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-04-17 Filip Pizlo - - It should be possible to create an inheritorID for the global this object without crashing - https://bugs.webkit.org/show_bug.cgi?id=84200 - - - Reviewed by Oliver Hunt. - - * runtime/JSGlobalThis.cpp: - (JSC::JSGlobalThis::setUnwrappedObject): - * runtime/JSGlobalThis.h: - (JSC::JSGlobalThis::unwrappedObject): - (JSGlobalThis): - * runtime/JSObject.cpp: - (JSC::JSObject::createInheritorID): - * runtime/JSObject.h: - (JSObject): - (JSC::JSObject::resetInheritorID): - -2012-04-17 Filip Pizlo - - DFG and LLInt should not clobber the frame pointer on ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=84185 - - - Reviewed by Gavin Barraclough. - - Changed LLInt to use a different register. Changed DFG to use one fewer - registers. We should revisit this and switch the DFG to use a different - register instead of r7, but we can do that in a subsequent step since - the performance effect is tiny. - - * dfg/DFGGPRInfo.h: - (GPRInfo): - (JSC::DFG::GPRInfo::toRegister): - (JSC::DFG::GPRInfo::toIndex): - * offlineasm/armv7.rb: - -2012-04-17 Filip Pizlo - - use after free in JSC::DFG::Node::op / JSC::DFG::ByteCodeParser::flushArgument - https://bugs.webkit.org/show_bug.cgi?id=83942 - - - Reviewed by Gavin Barraclough. - - Don't use references to the graph after resizing the graph. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::flushArgument): - -2012-04-16 Gavin Barraclough - - Array.prototype.toString should be generic - https://bugs.webkit.org/show_bug.cgi?id=81588 - - Reviewed by Sam Weinig. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToString): - - check for join function, use fast case if base object is array & join is present & default. - * runtime/CommonIdentifiers.h: - - added 'join'. - -2012-04-16 Carlos Garcia Campos - - Unreviewed. Fix make distcheck issues. - - * GNUmakefile.list.am: Add missing files. - -2012-04-16 Sheriff Bot - - Unreviewed, rolling out r114309. - http://trac.webkit.org/changeset/114309 - https://bugs.webkit.org/show_bug.cgi?id=84097 - - it broke everything (Requested by olliej on #webkit). - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * bytecode/CodeBlock.h: - * dfg/DFGOperations.cpp: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::throwException): - * interpreter/Interpreter.h: - (Interpreter): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jsc.cpp: - (functionJSCStack): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::handleHostCall): - * parser/Parser.h: - (JSC::::parse): - * runtime/Error.cpp: - (JSC::addErrorInfo): - (JSC::throwError): - * runtime/Error.h: - (JSC): - -2012-04-16 Oliver Hunt - - Exception stack traces aren't complete when the exception starts in native code - https://bugs.webkit.org/show_bug.cgi?id=84073 - - Reviewed by Gavin Barraclough. - - Refactored building the stack trace to so that we can construct - it earlier, and don't rely on any prior work performed in the - exception handling machinery. Also updated LLInt and the DFG to - completely initialise the callframes of host function calls. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::codeOriginIndexForReturn): - (CodeBlock): - * dfg/DFGOperations.cpp: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::addStackTraceIfNecessary): - (JSC): - (JSC::Interpreter::throwException): - * interpreter/Interpreter.h: - (Interpreter): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jsc.cpp: - (functionJSCStack): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::handleHostCall): - * parser/Parser.h: - (JSC::::parse): - * runtime/Error.cpp: - (JSC::addErrorInfo): - (JSC::throwError): - * runtime/Error.h: - (JSC): - -2012-04-16 Oliver Hunt - - Fix COMMANDLINE_TYPEDARRAYS build - https://bugs.webkit.org/show_bug.cgi?id=84051 - - Reviewed by Gavin Barraclough. - - Update for new putByIndex API and wtf changes. - - * JSCTypedArrayStubs.h: - (JSC): - -2012-04-16 Mark Hahnenberg - - GC in the middle of JSObject::allocatePropertyStorage can cause badness - https://bugs.webkit.org/show_bug.cgi?id=83839 - - Reviewed by Geoffrey Garen. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage. - (JSC::DEFINE_STUB_FUNCTION): - * runtime/JSObject.cpp: - (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're - growing our already-existing PropertyStorage. - * runtime/JSObject.h: - (JSObject): - (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage - and the new structure so that we can be sure a GC never occurs when our Structure - info is out of sync with our PropertyStorage. - (JSC): - (JSC::JSObject::putDirectInternal): Moved the check to see if we should - allocate more backing store before the actual property insertion into - the structure. - (JSC::JSObject::putDirectWithoutTransition): Ditto. - (JSC::JSObject::transitionTo): Ditto. - * runtime/Structure.cpp: - (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy - for property backing stores contained within the Structure class. - (JSC): - * runtime/Structure.h: - (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion - into the Structure would require resizing the property backing store so that they can - preallocate the required storage. - (Structure): - -2012-04-13 Sheriff Bot - - Unreviewed, rolling out r114185. - http://trac.webkit.org/changeset/114185 - https://bugs.webkit.org/show_bug.cgi?id=83967 - - Broke a bunch of JavaScript related tests (Requested by - andersca on #webkit). - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToString): - (JSC::arrayProtoFuncToLocaleString): - * runtime/CommonIdentifiers.h: - * tests/mozilla/ecma/Array/15.4.4.2.js: - (getTestCases): - -2012-04-13 Gavin Barraclough - - Don't rely on fixed offsets to patch calls - https://bugs.webkit.org/show_bug.cgi?id=83966 - - Rubber stamped by Oliver Hunt. - - These aren't being used anywhere! - - * jit/JIT.h: - * jit/JITCall.cpp: - (JSC::JIT::compileOpCall): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileOpCall): - -2012-04-13 Hojong Han - - Array.prototype.toString and Array.prototype.toLocaleString should be generic - https://bugs.webkit.org/show_bug.cgi?id=81588 - - Reviewed by Gavin Barraclough. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToString): - (JSC::arrayProtoFuncToLocaleString): - * runtime/CommonIdentifiers.h: - * tests/mozilla/ecma/Array/15.4.4.2.js: - (getTestCases.array.item.new.TestCase): - (getTestCases): - -2012-04-13 Gavin Barraclough - - Don't rely on fixed offsets to patch method checks - https://bugs.webkit.org/show_bug.cgi?id=83958 - - Reviewed by Oliver Hunt. - - * bytecode/StructureStubInfo.h: - - Add fields for the method check info. - * jit/JIT.cpp: - (JSC::PropertyStubCompilationInfo::copyToStubInfo): - - Store the offsets on the stub info, instead of asserting. - * jit/JIT.h: - - Delete all the method check related offsets. - * jit/JITPropertyAccess.cpp: - (JSC::JIT::patchMethodCallProto): - - Use the offset from the stubInfo. - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - - Pass the stubInfo to patchMethodCallProto. - -2012-04-13 Gavin Barraclough - - Don't rely on fixed offsets to patch get_by_id/put_by_id - https://bugs.webkit.org/show_bug.cgi?id=83924 - - Reviewed by Oliver Hunt. - - Store offsets in the structure stub info, as we do for the DFG JIT. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::differenceBetween): - - this method can be static (now used from PropertyStubCompilationInfo::copyToStubInfo, will be removed soon!) - * bytecode/StructureStubInfo.h: - - added new fields for baseline JIT offsets. - * jit/JIT.cpp: - (JSC::PropertyStubCompilationInfo::copyToStubInfo): - - moved out from JIT::privateCompile. - (JSC::JIT::privateCompile): - - moved out code to PropertyStubCompilationInfo::copyToStubInfo. - * jit/JIT.h: - (PropertyStubCompilationInfo): - - added helper functions to initializae PropertyStubCompilationInfo, state to store more offset info. - - removed many offsets. - * jit/JITPropertyAccess.cpp: - (JSC::JIT::emit_op_method_check): - (JSC::JIT::compileGetByIdHotPath): - (JSC::JIT::compileGetByIdSlowCase): - (JSC::JIT::emit_op_put_by_id): - (JSC::JIT::emitSlow_op_put_by_id): - (JSC::JIT::patchGetByIdSelf): - (JSC::JIT::patchPutByIdReplace): - (JSC::JIT::privateCompilePatchGetArrayLength): - (JSC::JIT::privateCompileGetByIdProto): - (JSC::JIT::privateCompileGetByIdSelfList): - (JSC::JIT::privateCompileGetByIdProtoList): - (JSC::JIT::privateCompileGetByIdChainList): - (JSC::JIT::privateCompileGetByIdChain): - (JSC::JIT::resetPatchGetById): - (JSC::JIT::resetPatchPutById): - - changed code generation to use new interface to store info on PropertyStubCompilationInfo. - - changed repatch functions to read offsets from the structure stub info. - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::emit_op_method_check): - (JSC::JIT::compileGetByIdHotPath): - (JSC::JIT::compileGetByIdSlowCase): - (JSC::JIT::emit_op_put_by_id): - (JSC::JIT::emitSlow_op_put_by_id): - (JSC::JIT::patchGetByIdSelf): - (JSC::JIT::patchPutByIdReplace): - (JSC::JIT::privateCompilePatchGetArrayLength): - (JSC::JIT::privateCompileGetByIdProto): - (JSC::JIT::privateCompileGetByIdSelfList): - (JSC::JIT::privateCompileGetByIdProtoList): - (JSC::JIT::privateCompileGetByIdChainList): - (JSC::JIT::privateCompileGetByIdChain): - (JSC::JIT::resetPatchGetById): - (JSC::JIT::resetPatchPutById): - - changed code generation to use new interface to store info on PropertyStubCompilationInfo. - - changed repatch functions to read offsets from the structure stub info. - -2012-04-13 Rob Buis - - Fix some compiler warnings (miscellaneous) - https://bugs.webkit.org/show_bug.cgi?id=80790 - - Reviewed by Antonio Gomes. - - Fix signed/unsigned comparison warning. - - * parser/Lexer.cpp: - (JSC::::record16): - -2012-04-12 Benjamin Poulain - - Improve replaceUsingStringSearch() for case of a single character searchValue - https://bugs.webkit.org/show_bug.cgi?id=83738 - - Reviewed by Geoffrey Garen. - - This patch improves replaceUsingStringSearch() with the following: - -Add a special case for single character search, taking advantage of the faster WTF::find(). - -Inline replaceUsingStringSearch(). - -Use StringImpl::create() instead of UString::substringSharingImpl() since we know we are in the bounds - by definition. - - This gives less than 1% improvement for the multicharacter replace. - The single character search show about 9% improvement. - - * runtime/StringPrototype.cpp: - (JSC::replaceUsingStringSearch): - -2012-04-12 Michael Saboff - - StructureStubInfo::reset() causes leaks of PolymorphicAccessStructureList and ExecutableMemoryHandle objects - https://bugs.webkit.org/show_bug.cgi?id=83823 - - Reviewed by Gavin Barraclough. - - Put the clearing of the accessType to after the call to deref() so that - deref() can use the accessType to delete referenced objects as needed. - - * bytecode/StructureStubInfo.h: - (JSC::StructureStubInfo::reset): - -2012-04-12 Balazs Kelemen - - [Qt] Fix WebKit1 build with V8 - https://bugs.webkit.org/show_bug.cgi?id=83322 - - Reviewed by Adam Barth. - - * yarr/yarr.pri: - -2012-04-12 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=83821 - Move dfg repatching properties of structure stub info into a union - - Reviewed by Oliver Hunt. - - We want to be able to have similar properties for the baseline JIT, some restructuring to prepare for this. - - * bytecode/StructureStubInfo.h: - (StructureStubInfo): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * dfg/DFGRepatch.cpp: - (JSC::DFG::dfgRepatchByIdSelfAccess): - (JSC::DFG::linkRestoreScratch): - (JSC::DFG::generateProtoChainAccessStub): - (JSC::DFG::tryCacheGetByID): - (JSC::DFG::tryBuildGetByIDList): - (JSC::DFG::tryBuildGetByIDProtoList): - (JSC::DFG::emitPutReplaceStub): - (JSC::DFG::emitPutTransitionStub): - (JSC::DFG::tryCachePutByID): - (JSC::DFG::tryBuildPutByIdList): - (JSC::DFG::dfgResetGetByID): - (JSC::DFG::dfgResetPutByID): - -2012-04-12 Gavin Barraclough - - Delete a bunch of unused, copy & pasted values in JIT.h - https://bugs.webkit.org/show_bug.cgi?id=83822 - - Reviewed by Oliver Hunt. - - The only architecture we support the JSVALUE64 JIT on is x86-64, all the patch offsets for other architectures are just nonsense. - - * jit/JIT.h: - (JIT): - -2012-04-12 Csaba Osztrogonác - - [Qt][ARM] Buildfix after r113934. - - Reviewed by Zoltan Herczeg. - - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::compare8): - (MacroAssemblerARM): - -2012-04-11 Filip Pizlo - - It is incorrect to short-circuit Branch(LogicalNot(@a)) if boolean speculations on @a may fail - https://bugs.webkit.org/show_bug.cgi?id=83744 - - - Reviewed by Andy Estes. - - This does the conservative thing: it only short-circuits Branch(LogicalNot(@a)) if @a is a node - that is statically known to return boolean results. - - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::fixupNode): - -2012-04-11 Michael Saboff - - Invalid Union Reference in StructureStubInfo.{cpp.h} - https://bugs.webkit.org/show_bug.cgi?id=83735 - - Reviewed by Filip Pizlo. - - Changed the references to u.getByIdProtoList and u.getByIdSelfList - to be consistent. - - * bytecode/StructureStubInfo.cpp: - (JSC::StructureStubInfo::visitWeakReferences): - * bytecode/StructureStubInfo.h: - (JSC::StructureStubInfo::initGetByIdSelfList): - -2012-04-11 Filip Pizlo - - Unreviewed attempting to make Qt's eccentric hardware work. - - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::compare8): - (MacroAssemblerARM): - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::compare8): - (MacroAssemblerMIPS): - * assembler/MacroAssemblerSH4.h: - (JSC::MacroAssemblerSH4::compare8): - (MacroAssemblerSH4): - -2012-04-11 Filip Pizlo - - op_is_foo should be optimized - https://bugs.webkit.org/show_bug.cgi?id=83666 - - Reviewed by Gavin Barraclough. - - This implements inlining of op_is_undefined, op_is_string, op_is_number, - and op_is_boolean in LLInt and the baseline JIT. op_is_object and - op_is_function are not inlined because they are quite a bit more complex. - - This also implements all of the op_is_foo opcodes in the DFG, but it does - not do any type profiling based optimizations, yet. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::compare8): - (MacroAssemblerARMv7): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::compare8): - (MacroAssemblerX86Common): - * assembler/MacroAssemblerX86_64.h: - (MacroAssemblerX86_64): - (JSC::MacroAssemblerX86_64::testPtr): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCCallHelpers.h: - (JSC::DFG::CCallHelpers::setupArguments): - (CCallHelpers): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - (JSC::DFG::SpeculativeJIT::appendCallSetResult): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - * jit/JIT.h: - (JIT): - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_is_undefined): - (JSC): - (JSC::JIT::emit_op_is_boolean): - (JSC::JIT::emit_op_is_number): - (JSC::JIT::emit_op_is_string): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_is_undefined): - (JSC): - (JSC::JIT::emit_op_is_boolean): - (JSC::JIT::emit_op_is_number): - (JSC::JIT::emit_op_is_string): - * jit/JITStubs.cpp: - (JSC): - * llint/LLIntSlowPaths.cpp: - (LLInt): - * llint/LLIntSlowPaths.h: - (LLInt): - * llint/LowLevelInterpreter.asm: - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - * offlineasm/armv7.rb: - * offlineasm/instructions.rb: - * offlineasm/x86.rb: - -2012-04-11 Filip Pizlo - - If you use an IntegerOperand and want to return it with integerResult, you need to - zero extend to get rid of the box - https://bugs.webkit.org/show_bug.cgi?id=83734 - - - Reviewed by Oliver Hunt. - - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::fillInteger): - (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): - -2012-04-11 Filip Pizlo - - SpeculativeJIT::fillStorage() should work with all the states that a cell may be in - https://bugs.webkit.org/show_bug.cgi?id=83722 - - Reviewed by Gavin Barraclough. - - It's now possible to do StorageOperand on a cell, in the case that the storage is - inline. But this means that fillStorage() must be able to handle all of the states - that a cell might be in. Previously it didn't. - - With this change, it now does handle all of the states, and moreover, it does so - by preserving the DataFormat of cells and performing all of the cell speculations - that should be performed if you're using a cell as storage. But if you use this on - something that is known to be storage already then it behaves as it did before. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::fillStorage): - -2012-04-11 Filip Pizlo - - Global variable predictions should not be coalesced unnecessarily - https://bugs.webkit.org/show_bug.cgi?id=83678 - - Reviewed by Geoff Garen. - - Removed the PredictionTracker and everyone who used it. Converted GetGlobalVar - to have a heapPrediction like a civilized DFG opcode ought to. - - No performance effect. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/CodeBlock.h: - * bytecode/PredictionTracker.h: Removed. - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGGenerationInfo.h: - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGGraph.h: - (Graph): - * dfg/DFGNode.h: - (JSC::DFG::Node::hasHeapPrediction): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - -2012-04-11 Benjamin Poulain - - Optimize String.split() for 1 character separator - https://bugs.webkit.org/show_bug.cgi?id=83546 - - Reviewed by Gavin Barraclough. - - This patch adds a serie of optimizations to make stringProtoFuncSplit() faster in the common case - where the separator is a single character. - - The two main gains are: - -Use of the find() function with a single character instead of doing a full string matching. - -Use of WTF::find() instead of UString::find() to avoid branching on is8Bit() and have a simpler inline - function. - - The code is also changed to avoid making unnecessary allocations by converting the 8bit string to 16bits. - - This makes String.split() faster by about 13% in that particular case. - - * runtime/StringPrototype.cpp: - (JSC): - (JSC::splitStringByOneCharacterImpl): - (JSC::stringProtoFuncSplit): - -2012-04-10 Carlos Garcia Campos - - Unreviewed. Fix make distcheck issues. - - * GNUmakefile.list.am: Ad missing files. - -2012-04-10 Mark Rowe - - Attempt to fix the Windows build. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-04-10 Patrick Gansterer - - Cleanup wtf/Platform.h and config.h files - https://bugs.webkit.org/show_bug.cgi?id=83431 - - Reviewed by Eric Seidel. - - The ENABLE() and USE() macros take care about the case when the flag - isn't defined. So there is no need to define anything with 0. - - Also move duplicated code from the config.h files to Platform.h and - merge a few preprocessor commands to make the file more readable. - - * config.h: - -2012-04-10 Filip Pizlo - - DFG should flush SetLocals to arguments - https://bugs.webkit.org/show_bug.cgi?id=83554 - - Reviewed by Gavin Barraclough. - - This is necessary to match baseline JIT argument capture behavior. - - But to make this work right we need to have a story for arguments into - which we store values of different formats. This patch introduces the - notion of an ArgumentPosition - i.e. an argument in a particular inline - call frame - and forces unification of all data pertinent to selecting - the argument's data format. - - Also fixed an amusing bug in the handling of OSR on SetLocals if there - was any insertion/deletion of nodes in the basic block. This is benign - for now but won't be eventually since the DFG is getting smarter. So - better fix it now. - - Also fixed an amusing bug in the handling of OSR on SetLocals if they - are immediately followed by a Flush. I think this bug might have always - been there but now it'll happen more commonly, and it's covered by the - run-javascriptcore-tests. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGArgumentPosition.h: Added. - (DFG): - (ArgumentPosition): - (JSC::DFG::ArgumentPosition::ArgumentPosition): - (JSC::DFG::ArgumentPosition::addVariable): - (JSC::DFG::ArgumentPosition::mergeArgumentAwareness): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::setLocal): - (JSC::DFG::ByteCodeParser::setArgument): - (InlineStackEntry): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - * dfg/DFGDoubleFormatState.h: Added. - (DFG): - (JSC::DFG::mergeDoubleFormatStates): - (JSC::DFG::mergeDoubleFormatState): - (JSC::DFG::doubleFormatStateToString): - * dfg/DFGGraph.h: - (Graph): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::VariableAccessData): - (JSC::DFG::VariableAccessData::predict): - (JSC::DFG::VariableAccessData::argumentAwarePrediction): - (VariableAccessData): - (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction): - (JSC::DFG::VariableAccessData::doubleFormatState): - (JSC::DFG::VariableAccessData::shouldUseDoubleFormat): - (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat): - (JSC::DFG::VariableAccessData::mergeDoubleFormatState): - (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat): - -2012-04-10 Adam Klein - - Remove unused NonNullPassRefPtr from WTF - https://bugs.webkit.org/show_bug.cgi?id=82389 - - Reviewed by Kentaro Hara. - - * JavaScriptCore.order: Remove nonexistent symbols referencing NonNullPassRefPtr. - -2012-04-10 Darin Adler - - Remove unused data member from Lexer class - https://bugs.webkit.org/show_bug.cgi?id=83429 - - Reviewed by Kentaro Hara. - - I noticed that m_delimited was "write-only", so I deleted it. - - * parser/Lexer.cpp: - (JSC::Lexer::setCode): Removed code to set m_delimited. - (JSC::Lexer::parseIdentifier): Ditto. - (JSC::Lexer::parseIdentifierSlowCase): Ditto. - (JSC::Lexer::lex): Ditto. - * parser/Lexer.h: Deleted m_delimited. - -2012-04-10 Patrick Gansterer - - [CMake] Enable USE_FOLDERS property - https://bugs.webkit.org/show_bug.cgi?id=83571 - - Reviewed by Daniel Bates. - - Setting the FOLDER property on targets gives more structure - to the generated Visual Studio solutions. - This does not affect other CMake generators. - - * CMakeLists.txt: - * shell/CMakeLists.txt: - -2012-04-10 Filip Pizlo - - It should be possible to see why a code block was not compiled by the DFG - https://bugs.webkit.org/show_bug.cgi?id=83553 - - Reviewed by Geoff Garen. - - If DFG_ENABLE(DEBUG_VERBOSE) and a code block is rejected, then print the - opcode that caused the rejection. - - * dfg/DFGCapabilities.cpp: - (JSC::DFG::debugFail): - (DFG): - (JSC::DFG::canHandleOpcodes): - -2012-04-09 Gavin Barraclough - - If a callback constructor returns a C++ null, throw a type error. - https://bugs.webkit.org/show_bug.cgi?id=83537 - - Rubber Stamped by Geoff Garen. - - * API/JSCallbackConstructor.cpp: - (JSC::constructJSCallback): - - If a callback constructor returns a C++ null, throw a type error. - * API/tests/testapi.c: - (Base_returnHardNull): - * API/tests/testapi.js: - - Add a test case for callback constructors that return a C++ null. - -2012-04-09 Gavin Barraclough - - If a callback function returns a C++ null, convert to undefined. - https://bugs.webkit.org/show_bug.cgi?id=83534 - - Reviewed by Geoff Garen. - - * API/JSCallbackFunction.cpp: - - If a callback function returns a C++ null, convert to undefined. - (JSC::JSCallbackFunction::call): - * API/tests/testapi.c: - (Base_returnHardNull): - * API/tests/testapi.js: - - Add a test case for callback functions that return a C++ null. - -2012-04-09 Filip Pizlo - - Classic interpreter's GC hooks shouldn't attempt to scan instructions for code blocks that - are currently being generated - https://bugs.webkit.org/show_bug.cgi?id=83531 - - - Reviewed by Gavin Barraclough. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::stronglyVisitStrongReferences): - -2012-04-09 Filip Pizlo - - Unreviewed, modernize and clean up uses of ARM assembly mnemonics in inline asm blocks. - - * dfg/DFGOperations.cpp: - (JSC): - * offlineasm/armv7.rb: - -2012-04-09 Patrick Gansterer - - Remove HAVE_STDINT_H - https://bugs.webkit.org/show_bug.cgi?id=83434 - - Reviewed by Kentaro Hara. - - HAVE_STDINT_H is defined with 1 all the time and we us stdint.h without HAVE(STDINT_H) already. - - * config.h: - -2012-04-08 Filip Pizlo - - DFG should not load the property storage if it is inline. - https://bugs.webkit.org/show_bug.cgi?id=83455 - - Reviewed by Gavin Barraclough. - - We had previously decided to have all property storage accesses go through - the property storage pointer even if they don't "really" have to, because - we were thinking this would help GC barriers somehow. Well, we never ended - up doing anything with that. Hence, doing these wasted loads of the - property storage pointer when the storage is inline is just a waste of CPU - cycles. - - This change makes the DFG's inline property accesses (GetByOffset and - PutByOffset) go directly to the inline property storage if the structure(s) - tell us that it's OK. - - This looks like an across-the-board 1% win. - - * bytecode/StructureSet.h: - (JSC): - (JSC::StructureSet::allAreUsingInlinePropertyStorage): - (StructureSet): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::fillStorage): - -2012-04-08 Filip Pizlo - - Command-line jsc's exception handling should be rationalized - https://bugs.webkit.org/show_bug.cgi?id=83437 - - Reviewed by Dan Bernstein. - - - If an exception is thrown during run() execution, it is now propagated, - so that it will terminate program execution unless it is caught. - - - If program execution terminates with an exception, the exception is now - always printed. - - - When printing the exception, the backtrace is now also printed if one is - available. It will only not be available if you use something akin to my - favorite line of code, 'throw "error"', since primitives don't have - properties and hence we cannot attach a "stack" property to them. - - * jsc.cpp: - (functionRun): - (runWithScripts): - -2012-04-04 Filip Pizlo - - Forced OSR exits should lead to recompilation based on count, not rate - https://bugs.webkit.org/show_bug.cgi?id=83247 - - - Reviewed by Geoff Garen. - - Track which OSR exits happen because of inadequate coverage. Count them - separately. If the count reaches a threshold, immediately trigger - reoptimization. - - This is in contrast to the recompilation trigger for all other OSR exits. - Normally recomp is triggered when the exit rate exceeds a certain ratio. - - Looks like a slight V8 speedup (sub 1%). - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::CodeBlock): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::forcedOSRExitCounter): - (JSC::CodeBlock::addressOfForcedOSRExitCounter): - (JSC::CodeBlock::offsetOfForcedOSRExitCounter): - (JSC::CodeBlock::shouldReoptimizeNow): - (JSC::CodeBlock::shouldReoptimizeFromLoopNow): - (CodeBlock): - * bytecode/DFGExitProfile.h: - (JSC::DFG::exitKindToString): - * dfg/DFGOSRExitCompiler.cpp: - (JSC::DFG::OSRExitCompiler::handleExitCounts): - (DFG): - * dfg/DFGOSRExitCompiler.h: - (OSRExitCompiler): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/Options.cpp: - (Options): - (JSC::Options::initializeOptions): - * runtime/Options.h: - (Options): - -2012-04-06 Benjamin Poulain - - Do not abuse ArrayStorage's m_length for testing array consistency - https://bugs.webkit.org/show_bug.cgi?id=83403 - - Reviewed by Geoffrey Garen. - - Array creation from a list of values is a 3 steps process: - -JSArray::tryCreateUninitialized() - -JSArray::initializeIndex() for each values - -JSArray::completeInitialization() - - Previously, the attribute m_length was not set to the final size - JSArray::tryCreateUninitialized() because it was used to test the array - consistency JSArray::initializeIndex(). - - This caused the initialization loop using JSArray::initializeIndex() maintain - two counters: - -index of the loop - -storage->m_length++ - - This patch fixes this by using the index of the initialization loop for the indinces of - JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex - is introduced if CHECK_ARRAY_CONSISTENCY is defined. - - The patch also fixes minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined. - - This improves the performance of JSArray creation from literals by 8%. - - * runtime/JSArray.cpp: - (JSC::JSArray::tryFinishCreationUninitialized): - (JSC::JSArray::checkConsistency): - * runtime/JSArray.h: - (ArrayStorage): - (JSC::JSArray::initializeIndex): - (JSC::JSArray::completeInitialization): - -2012-04-06 Jon Lee - - Build fix for Windows bots. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: export missing symbol. - -2012-04-06 Geoffrey Garen - - Renamed - - WeakHeap => WeakSet - HandleHeap => HandleSet - - Reviewed by Sam Weinig. - - These sets do have internal allocators, but it's confusing to call them - heaps because they're sub-objects of an object called "heap". - - * heap/HandleHeap.cpp: Removed. - * heap/HandleHeap.h: Removed. - * heap/HandleSet.cpp: Copied from JavaScriptCore/heap/HandleHeap.cpp. - * heap/WeakHeap.cpp: Removed. - * heap/WeakHeap.h: Removed. - * heap/WeakSet.cpp: Copied from JavaScriptCore/heap/WeakHeap.cpp. - * heap/WeakSet.h: Copied from JavaScriptCore/heap/WeakHeap.h. - - Plus global rename using grep. - -2012-04-06 Dan Bernstein - - HiDPI: Have canvas use a hidpi backing store, but downsample upon access - - Reviewed by Sam Weinig. - - * Configurations/FeatureDefines.xcconfig: Added ENABLE_HIGH_DPI_CANVAS. - -2012-04-06 Rob Buis - - Fix cast-align warnings in JSC - https://bugs.webkit.org/show_bug.cgi?id=80790 - - Reviewed by George Staikos. - - * assembler/ARMv7Assembler.h: - (JSC::ARMv7Assembler::computeJumpType): - (JSC::ARMv7Assembler::link): - * assembler/LinkBuffer.h: - (JSC::LinkBuffer::linkCode): - * heap/MarkStack.cpp: - (JSC::SlotVisitor::copyAndAppend): - * runtime/JSArray.cpp: - (JSC::JSArray::visitChildren): - * wtf/RefCountedArray.h: - (WTF::RefCountedArray::Header::payload): - -2012-04-06 Darin Adler - - Streamline strtod and fix some related problems - https://bugs.webkit.org/show_bug.cgi?id=82857 - - Reviewed by Geoffrey Garen. - - * parser/Lexer.cpp: - (JSC::Lexer<>::lex): Use parseDouble. Since we have already scanned the number - and we know it has only correct characters, leading spaces, trailing junk, and - trailing spaces are not a possibility. No need to add a trailing null character. - - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::parseInt): Changed overflow based 10 case to use parseDouble. No need - to allow trailing junk since the code above already allows only numeric digits - in the string. This code path is used only in unusual cases, so it's not - optimized for 8-bit strings, but easily could be. - (JSC::jsStrDecimalLiteral): Removed the allow trailing junk argument to this - function template because all the callers are OK with trailing junk. Use the - parseDouble function. No need to copy the data into a byte buffer, because - parseDouble handles that. - (JSC::toDouble): Got rid of the DisallowTrailingJunk argument to the - jsStrDecimalLiteral function template. That's OK because this function - already checks for trailing junk and handles it appropriately. The old code - path was doing it twice. - (JSC::parseFloat): Got rid of the AllowTrailingJunk argument to the - jsStrDecimalLiteral function template; the template allows junk unconditionally. - - * runtime/LiteralParser.cpp: - (JSC::::Lexer::lexNumber): Use parseDouble. Since we have already scanned the number - and we know it has only correct characters, leading spaces, trailing junk, and - trailing spaces are not a possibility. No need to add a trailing null character. - No need to copy the data into a byte buffer, because parseDouble handles that. - We could optimize the UChar case even more because we know all the characters - are ASCII, but not doing that at this time. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated. - -2012-04-06 Patrick Gansterer - - Remove JSC dependency from GregorianDateTime - https://bugs.webkit.org/show_bug.cgi?id=83290 - - Reviewed by Geoffrey Garen. - - This allows us to move it to WTF later. - - * runtime/DateConstructor.cpp: - (JSC::callDate): - * runtime/JSDateMath.h: - -2012-04-05 Michael Saboff - - Call Heap::discardAllCompiledCode() in low memory situations - https://bugs.webkit.org/show_bug.cgi?id=83335 - - Reviewed by Geoffrey Garen. - - Restructured Heap::discardAllCompiledCode() to do the "Is JavaScriptRunning?" - check inline so that it can be called directly without this check. - - * heap/Heap.cpp: - (JSC::Heap::discardAllCompiledCode): - (JSC::Heap::collectAllGarbage): - * heap/Heap.h: Added JS_EXPORT_PRIVATE to discardAllCompiledCode() so it can be - called from WebCore. - (Heap): - * runtime/JSGlobalData.h: Removed unused " void discardAllCompiledCode()" declaration. - (JSGlobalData): - -2012-04-05 Benjamin Poulain - - Speed up the conversion from JSValue to String for bulk operations - https://bugs.webkit.org/show_bug.cgi?id=83243 - - Reviewed by Geoffrey Garen. - - When making operations on primitive types, we loose some time converting - values to JSString in order to extract the string. - - This patch speeds up some basic Array operations by avoiding the creation - of intermediary JSString when possible. - - For the cases where we need to convert a lot of JSValue in a tight loop, - an inline conversion is used. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToString): - (JSC::arrayProtoFuncToLocaleString): - (JSC::arrayProtoFuncJoin): - (JSC::arrayProtoFuncPush): - (JSC::arrayProtoFuncSort): - * runtime/CommonIdentifiers.h: - * runtime/JSArray.cpp: - (JSC::JSArray::sort): - * runtime/JSString.h: - (JSC::JSValue::toUString): - (JSC): - (JSC::inlineJSValueNotStringtoUString): - (JSC::JSValue::toUStringInline): - * runtime/JSValue.cpp: - (JSC::JSValue::toUStringSlowCase): - (JSC): - * runtime/JSValue.h: - (JSValue): - -2012-04-05 Benjamin Poulain - - Use QuickSort when sorting primitive values by string representation - https://bugs.webkit.org/show_bug.cgi?id=83312 - - Reviewed by Gavin Barraclough. - - When the value we are sorting are all primitive values, we do not need to - ensure a stable sort as two values with equal string representation are - indistinguishable from JavaScript. - - This gives about 16% performance increase when sorting primitive values. - - * runtime/JSArray.cpp: - (JSC::JSArray::sort): - -2012-04-05 Oliver Hunt - - SIGILL in JavaScriptCore on a Geode processor - https://bugs.webkit.org/show_bug.cgi?id=82496 - - Reviewed by Gavin Barraclough. - - Don't attempt to use the DFG when SSE2 is not available. - - * dfg/DFGCapabilities.cpp: - (JSC::DFG::canCompileOpcodes): - -2012-04-05 Oliver Hunt - - Fix 32-bit build. - - * API/APICast.h: - (toJS): - -2012-04-05 Oliver Hunt - - Replace static_cast with jsCast when casting JSCell subclasses in JSC - https://bugs.webkit.org/show_bug.cgi?id=83307 - - Reviewed by Gavin Barraclough. - - Replace all usage of static_cast with jsCast<> in JavaScriptCore. - This results in assertions when unsafe casts are performed, but simply leaves - a static_cast<> in release builds. - - * API/APICast.h: - (toJS): - * API/JSCallbackConstructor.cpp: - (JSC::constructJSCallback): - * API/JSCallbackFunction.cpp: - (JSC::JSCallbackFunction::call): - * API/JSCallbackObjectFunctions.h: - (JSC::::asCallbackObject): - (JSC::::finishCreation): - (JSC::::construct): - (JSC::::call): - * API/JSObjectRef.cpp: - (JSObjectGetPrivate): - (JSObjectSetPrivate): - (JSObjectGetPrivateProperty): - (JSObjectSetPrivateProperty): - (JSObjectDeletePrivateProperty): - * API/JSValueRef.cpp: - (JSValueIsObjectOfClass): - * API/JSWeakObjectMapRefPrivate.cpp: - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::resolve): - (JSC::BytecodeGenerator::resolveConstDecl): - * debugger/DebuggerActivation.cpp: - (JSC::DebuggerActivation::finishCreation): - * dfg/DFGOperations.cpp: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * runtime/Executable.h: - (JSC::isHostFunction): - * runtime/JSActivation.h: - (JSC::asActivation): - * runtime/JSArray.cpp: - (JSC::JSArray::defineOwnProperty): - * runtime/JSArray.h: - (JSC::asArray): - * runtime/JSBoundFunction.cpp: - (JSC::boundFunctionCall): - (JSC::boundFunctionConstruct): - * runtime/JSByteArray.h: - (JSC::asByteArray): - * runtime/JSCell.cpp: - (JSC::JSCell::toObject): - * runtime/JSCell.h: - (JSC::jsCast): - * runtime/JSGlobalObject.h: - (JSC::asGlobalObject): - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::globalFuncEval): - * runtime/JSObject.cpp: - (JSC::JSObject::setPrototypeWithCycleCheck): - (JSC::JSObject::allowsAccessFrom): - (JSC::JSObject::toThisObject): - (JSC::JSObject::unwrappedObject): - * runtime/JSObject.h: - (JSC::asObject): - * runtime/JSPropertyNameIterator.h: - (JSC::Register::propertyNameIterator): - * runtime/JSString.h: - (JSC::asString): - (JSC::JSValue::toString): - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncSubstr): - -2012-04-05 Benjamin Poulain - - Make something faster than JSStringBuilder for joining an array of JSValue - https://bugs.webkit.org/show_bug.cgi?id=83180 - - Reviewed by Geoffrey Garen. - - This patch add the class JSStringJoiner optimized for join() operations. - - This class makes stricter constraints than JSStringBuilder in order avoid - memory allocations. - - In the best case, the class allocate memory only twice: - -Allocate an array to keep a list of UString to join. - -Allocate the final string. - - We also avoid the conversion from 8bits strings to 16bits strings since - they are costly and unlikly to help for subsequent calls. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToLocaleString): - (JSC::arrayProtoFuncJoin): - * runtime/JSStringJoiner.cpp: Added. - (JSC): - (JSC::appendStringToData): - (JSC::joinStrings): - (JSC::JSStringJoiner::build): - * runtime/JSStringJoiner.h: Added. - (JSC): - (JSStringJoiner): - (JSC::JSStringJoiner::JSStringJoiner): - (JSC::JSStringJoiner::append): - -2012-04-05 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=77293 - [Un]Reserve 'let' - - Rubber stamped by Oliver Hunt. - - Revert r106198. - This does break the web - e.g. https://bvi.bnc.ca/index/bnc/indexen.html - If we're going to reserve let, we're going to have to do so in a more - circumspect fashion. - - * parser/Keywords.table: - -2012-04-05 Michael Saboff - - Rolling out http://trac.webkit.org/changeset/113262. - Original code was fine. - - Rubber-stamped by Oliver Hunt. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::additionBlindedConstant): - -2012-04-05 Patrick Gansterer - - [WinCE] Remove unnecessary function decleration - https://bugs.webkit.org/show_bug.cgi?id=83155 - - Reviewed by Kentaro Hara. - - * runtime/JSDateMath.cpp: - -2012-04-04 Patrick Gansterer - - Add WTF::getCurrentLocalTime() - https://bugs.webkit.org/show_bug.cgi?id=83164 - - Reviewed by Alexey Proskuryakov. - - Replace the calls to WTF::getLocalTime() with time(0) with the new function. - This allows us to use Win32 API on windows to get the same result in a next step. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * runtime/DateConstructor.cpp: - (JSC::callDate): - -2012-04-04 Oliver Hunt - - Parser fails to revert some state after parsing expression and object literals. - https://bugs.webkit.org/show_bug.cgi?id=83236 - - Reviewed by Gavin Barraclough. - - Reset left hand side counter after parsing the literals. - - * parser/Parser.cpp: - (JSC::::parseObjectLiteral): - (JSC::::parseStrictObjectLiteral): - (JSC::::parseArrayLiteral): - -2012-04-04 Filip Pizlo - - DFG InstanceOf should not uselessly speculate cell - https://bugs.webkit.org/show_bug.cgi?id=83234 - - Reviewed by Oliver Hunt. - - If InstanceOf is the only user of its child then don't speculate cell, since - the not-cell case is super easy to handle. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileInstanceOf): - -2012-04-04 Michael Saboff - - Fixed minor error: "& 3" should be "& 2". - - Rubber-stamped by Oliver Hunt. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::additionBlindedConstant): - -2012-04-04 Michael Saboff - - Constant Blinding for add/sub immediate crashes in ArmV7 when dest is SP - https://bugs.webkit.org/show_bug.cgi?id=83191 - - Reviewed by Oliver Hunt. - - Make are that blinded constant pairs are similarly aligned to the - original immediate values so that instructions that expect that - alignment work correctly. One example is ARMv7 add/sub imm to SP. - - * assembler/ARMv7Assembler.h: - (JSC::ARMv7Assembler::add): Added ASSERT that immediate is word aligned. - (JSC::ARMv7Assembler::sub): Added ASSERT that immediate is word aligned. - (JSC::ARMv7Assembler::sub_S): Added ASSERT that immediate is word aligned. - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::additionBlindedConstant): - -2012-04-04 Filip Pizlo - - DFG should short-circuit Branch(LogicalNot(...)) - https://bugs.webkit.org/show_bug.cgi?id=83181 - - Reviewed by Geoff Garen. - - Slight (sub 1%) speed-up on V8. - - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::fixupNode): - -2012-04-04 Geoffrey Garen - - [Qt] REGRESSION(r113141): All tests assert on 32 bit debug mode - https://bugs.webkit.org/show_bug.cgi?id=83139 - - Reviewed by Sam Weinig. - - * heap/PassWeak.h: - (JSC::::get): 32-bit JSValue treats JSValue(nullptr).asCell() as an error, - so work around that here. (Long-term, we should make 32-bit and 64-bit - agree on the right behavior.) - -2012-04-03 Geoffrey Garen - - Updated JSC expected test results to reflect recent bug fixes . - - Reviewed by Sam Weinig. - - * tests/mozilla/expected.html: - -2012-03-29 Geoffrey Garen - - First step toward incremental Weak finalization - https://bugs.webkit.org/show_bug.cgi?id=82670 - - Reviewed by Filip Pizlo. - - This patch implements a Weak heap that is compatible with incremental - finalization, while making as few behavior changes as possible. The behavior - changes it makes are: - - (*) Weak's raw JSValue no longer reverts to JSValue() automatically -- - instead, a separate flag indicates that the JSValue is no longer valid. - (This is required so that the JSValue can be preserved for later finalization.) - Objects dealing with WeakImpls directly must change to check the flag. - - (*) Weak is no longer a subclass of Handle. - - (*) DOM GC performance is different -- 9% faster in the geometric mean, - but 15% slower in one specific case: - gc-dom1.html: 6% faster - gc-dom2.html: 23% faster - gc-dom3.html: 17% faster - gc-dom4.html: 15% *slower* - - The key features of this new heap are: - - (*) Each block knows its own state, independent of any other blocks. - - (*) Each block caches its own sweep result. - - (*) The heap visits dead Weaks at the end of GC. (It doesn't - mark them yet, since that would be a behavior change.) - - * API/JSCallbackObject.cpp: - (JSC::JSCallbackObjectData::finalize): - * API/JSCallbackObjectFunctions.h: - (JSC::::init): Updated to use the new WeakHeap API. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: Paid the build system tax since I added some new files. - - * heap/Handle.h: Made WeakBlock a friend and exposed slot() as public, - so we can keep passing a Handle to finalizers, to avoid more surface - area change in this patch. A follow-up patch should change the type we - pass to finalizers. - - * heap/HandleHeap.cpp: - (JSC): - (JSC::HandleHeap::writeBarrier): - (JSC::HandleHeap::isLiveNode): - * heap/HandleHeap.h: - (JSC): - (HandleHeap): - (Node): - (JSC::HandleHeap::Node::Node): Removed all code related to Weak, since - we have a separate WeakHeap now. - - * heap/Heap.cpp: - (JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted - for through our watermark now. Removed m_waterMark because it was unused. - - (JSC::Heap::destroy): Updated for addition of WeakHeap. - - (JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own - variable to participating in the watermark strategy. I wanted to standardize - WeakHeap and all other Heap clients on this strategy, to make sure it's - accurate. - - (JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap - dead visit pass, as explained above. - - (JSC::Heap::collect): - (JSC::Heap::resetAllocators): Updated for addition of WeakHeap. - - (JSC::Heap::addFinalizer): - (JSC::Heap::FinalizerOwner::finalize): Updated for new Weak API. - - * heap/Heap.h: - (JSC::Heap::weakHeap): - (Heap): - (JSC::Heap::addToWaterMark): Added a way to participate in the watermarking - strategy, since this is the best way for WeakHeap to report its memory - cost. (I plan to update this in a follow-up patch to make it more accurate, - but for now it is not less accurate than it used to be.) - - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::MarkedSpace): - (JSC::MarkedSpace::resetAllocators): - * heap/MarkedSpace.h: - (MarkedSpace): - (JSC::MarkedSpace::addToWaterMark): - (JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because - it was unused, and I didn't want to update WeakHeap to keep an usused - variable working. Added API for above. - - * heap/PassWeak.h: - (JSC): - (WeakImplAccessor): - (PassWeak): - (JSC::::operator): - (JSC::::get): - (JSC::::was): - (JSC::::PassWeak): - (JSC::::~PassWeak): - (JSC::UnspecifiedBoolType): - (JSC::::leakImpl): - (JSC::adoptWeak): - * heap/Strong.h: - (JSC::Strong::operator!): - (Strong): - (JSC::Strong::operator UnspecifiedBoolType*): - (JSC::Strong::get): - * heap/Weak.h: - (Weak): - (JSC::::Weak): - (JSC): - (JSC::::isHashTableDeletedValue): - (JSC::::~Weak): - (JSC::::swap): - (JSC::=): - (JSC::::operator): - (JSC::UnspecifiedBoolType): - (JSC::::release): - (JSC::::clear): - (JSC::::hashTableDeletedValue): Lots of code changes here, but they boil - down to two things: - - (*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap. - - (*) Explicitly check WeakImpl::state() for non-liveness before returning - a value (explained above). - - These files implement the new Weak heap behavior described above: - - * heap/WeakBlock.cpp: Added. - * heap/WeakBlock.h: Added. - * heap/WeakHandleOwner.cpp: Added. - * heap/WeakHandleOwner.h: Added. - * heap/WeakHeap.cpp: Added. - * heap/WeakHeap.h: Added. - * heap/WeakImpl.h: Added. - - One interesting difference from the old heap is that we don't allow - clients to overwrite a WeakImpl after allocating it, and we don't recycle - WeakImpls prior to garbage collection. This is required for lazy finalization, - but it will also help us esablish a useful invariant in the future: allocating - a WeakImpl will be a binding contract to run a finalizer at some point in the - future, even if the WeakImpl is later deallocated. - - * jit/JITStubs.cpp: - (JSC::JITThunks::hostFunctionStub): Check the Weak for ! instead of - its JSValue, since that's our API contract now, and the JSValue might - be stale. - - * runtime/JSCell.h: - (JSC::jsCast): Allow casting NULL pointers because it's useful and harmless. - - * runtime/Structure.cpp: - (JSC::StructureTransitionTable::add): I can't remember why I did this. - - * runtime/StructureTransitionTable.h: - * runtime/WeakGCMap.h: I had to update these classes because they allocate - and deallocate weak pointers manually. They should probably stop doing that. - -2012-04-03 Keishi Hattori - - Disable ENABLE_DATALIST for now - https://bugs.webkit.org/show_bug.cgi?id=82871 - - Reviewed by Kent Tamura. - - * Configurations/FeatureDefines.xcconfig: Disabled ENABLE_DATALIST. - -2012-04-02 Filip Pizlo - - jsr/sret should be removed - https://bugs.webkit.org/show_bug.cgi?id=82986 - - - Reviewed by Sam Weinig and Geoff Garen. - - Replaces jsr/sret with finally block inlining. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - * bytecode/Opcode.h: - (JSC): - (JSC::padOpcodeName): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::pushFinallyContext): - (JSC::BytecodeGenerator::emitComplexJumpScopes): - (JSC): - * bytecompiler/BytecodeGenerator.h: - (FinallyContext): - (BytecodeGenerator): - * bytecompiler/NodesCodegen.cpp: - (JSC::TryNode::emitBytecode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompile): - * jit/JIT.h: - (JIT): - * jit/JITOpcodes.cpp: - (JSC): - * jit/JITOpcodes32_64.cpp: - (JSC): - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - -2012-04-03 Mark Rowe - - Make it possible to install the JavaScriptCore test tools. - - Part of . - - Reviewed by Filip Pizlo. - - * JavaScriptCore.xcodeproj/project.pbxproj: Introduce an aggregate target named - Test Tools that builds testapi, minidom and testRegExp. Switch All from depending on - those targets individually to depending on the new aggregate target. - -2012-04-03 Filip Pizlo - - Offlineasm ARM backend has a very convoluted way of saying it wants to emit a - three-operand multiply instruction - https://bugs.webkit.org/show_bug.cgi?id=83100 - - Reviewed by Darin Adler. - - Changed the "muli"/"mulp" case to call emitArmV7() since that helper method was - already smart enough to do the Right Thing for multiply. - - * offlineasm/armv7.rb: - -2012-04-03 Filip Pizlo - - Offlineasm ARM backend uses the wrong mnemonic for multiply - https://bugs.webkit.org/show_bug.cgi?id=83098 - - - Reviewed by Gavin Barraclough. - - Use "mul" instead of "muls" since we're passing three operands, not two. - - * offlineasm/armv7.rb: - -2012-04-03 Gavin Barraclough - - Linux crashes during boot - https://bugs.webkit.org/show_bug.cgi?id=83096 - - Reviewed by Filip Pizlo. - - The bug here is that we add empty JSValues to the sparse map, and then set them - - but a GC may occur before doing so (due to a call to reportExtraMemory cost). - We may want to consider making it safe to mark empty JSValues, but the simple & - contained fix to this specific bug is to just initialize these values to - something other than JSValue(). - - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::add): - - Initialize sparse map entries. - -2012-04-02 Oliver Hunt - - Incorrect liveness information when inlining - https://bugs.webkit.org/show_bug.cgi?id=82985 - - Reviewed by Filip Pizlo. - - Don't remap register numbers that have already been remapped. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleInlining): - -2012-04-02 Filip Pizlo - - Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we - try to create an arguments object from the activation - https://bugs.webkit.org/show_bug.cgi?id=82947 - - - Reviewed by Gavin Barraclough. - - We now copy the entire call frame header just to be sure. This is mostly perf-netural, - except for a 3.7% slow-down in V8/earley. - - * runtime/JSActivation.cpp: - (JSC::JSActivation::visitChildren): - * runtime/JSActivation.h: - (JSC::JSActivation::tearOff): - -2012-04-02 Daniel Bates - - Remove Source/JavaScriptCore/wtf and its empty subdirectories - - Rubber-stamped by Eric Seidel. - - Following the move of WTF from Source/JavaScriptCore/wtf to Source/WTF - (https://bugs.webkit.org/show_bug.cgi?id=75673), remove directory - Source/JavaScriptCore/wtf and its empty subdirectories. - - * wtf: Removed. - * wtf/android: Removed. - * wtf/blackberry: Removed. - * wtf/chromium: Removed. - * wtf/dtoa: Removed. - * wtf/efl: Removed. - * wtf/gobject: Removed. - * wtf/gtk: Removed. - * wtf/mac: Removed. - * wtf/qt: Removed. - * wtf/qt/compat: Removed. - * wtf/tests: Removed. - * wtf/text: Removed. - * wtf/threads: Removed. - * wtf/threads/win: Removed. - * wtf/unicode: Removed. - * wtf/unicode/glib: Removed. - * wtf/unicode/icu: Removed. - * wtf/unicode/qt4: Removed. - * wtf/unicode/wince: Removed. - * wtf/url: Removed. - * wtf/url/api: Removed. - * wtf/url/src: Removed. - * wtf/win: Removed. - * wtf/wince: Removed. - * wtf/wx: Removed. - -2012-04-02 Carlos Garcia Campos - - Unreviewed. Fix make distcheck issues. - - * GNUmakefile.list.am: Add missing file. - -2012-04-01 Darin Adler - - Fix incorrect path for libWTF.a in Mac project file. - - * JavaScriptCore.xcodeproj/project.pbxproj: Removed the "../Release" prefix that - would cause other configurations to try to link with the "Release" version of - libWTF.a instead of the correct version. - -2012-03-29 Filip Pizlo - - DFG should optimize a==b for a being an object and b being either an object or - null/undefined, and vice versa - https://bugs.webkit.org/show_bug.cgi?id=82656 - - Reviewed by Oliver Hunt. - - Implements additional object equality optimizations for the case that one - operand is predicted to be an easily speculated object (like FinalObject or - Array) and the other is either an easily speculated object or Other, i.e. - Null or Undefined. - - 2-5% speed-up on V8/raytrace, leading to a sub-1% progression on V8. - - I also took the opportunity to clean up the control flow for the speculation - decisions in the various Compare opcodes. And to fix a build bug in SamplingTool. - And to remove debug cruft I stupidly committed in my last patch. - - * bytecode/SamplingTool.h: - (SamplingRegion): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): - (JSC::DFG::SpeculativeJIT::compare): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality): - (DFG): - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality): - (DFG): - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality): - -2012-03-30 David Barr - - Split up top-level .gitignore and .gitattributes - https://bugs.webkit.org/show_bug.cgi?id=82687 - - Reviewed by Tor Arne Vestbø. - - * JavaScriptCore.gyp/.gitignore: Added. - -2012-03-30 Steve Falkenburg - - Windows (make based) build fix. - - * JavaScriptCore.vcproj/JavaScriptCore.make: Copy WTF header files into a place where JavaScriptCore build can see them. - -2012-03-30 Keishi Hattori - - Change ENABLE_INPUT_COLOR to ENABLE_INPUT_TYPE_COLOR and enable it for chromium - https://bugs.webkit.org/show_bug.cgi?id=80972 - - Reviewed by Kent Tamura. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-29 Mark Hahnenberg - - Refactor recompileAllJSFunctions() to be less expensive - https://bugs.webkit.org/show_bug.cgi?id=80330 - - Reviewed by Filip Pizlo. - - This change is performance neutral on the JS benchmarks we track. It's mostly to improve page - load performance, which currently does at least a couple full GCs per navigation. - - * heap/Heap.cpp: - (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode - because the function doesn't actually recompile anything (and never did); it simply throws code - away for it to be recompiled later if we determine we should do so. - (JSC): - (JSC::Heap::collectAllGarbage): - (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list. - (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list. - * heap/Heap.h: - (JSC): - (Heap): - * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can - be used in DoublyLinkedLists. - (JSC::FunctionExecutable::FunctionExecutable): - (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list. - * runtime/Executable.h: - (FunctionExecutable): - (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list. - * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage - the list of FunctionExecutables. - * runtime/JSGlobalData.h: - (JSGlobalData): - * runtime/JSGlobalObject.cpp: - (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode. - -2012-03-29 Filip Pizlo - - Unreviewed build fix for non-x86 platforms. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileSoftModulo): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emitSlow_op_mod): - -2012-03-29 Gavin Barraclough - - Windows build fix p2. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-29 Gavin Barraclough - - Windows build fix p1. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-29 Gavin Barraclough - - Template the Yarr::Interpreter on the character type - https://bugs.webkit.org/show_bug.cgi?id=82637 - - Reviewed by Sam Weinig. - - We should be able to call to the interpreter after having already checked the character type, - without having to re-package the character pointer back up into a string! - - * runtime/RegExp.cpp: - (JSC::RegExp::match): - (JSC::RegExp::matchCompareWithInterpreter): - - Don't pass length. - * yarr/Yarr.h: - - moved function declarations to YarrInterpreter.h. - * yarr/YarrInterpreter.cpp: - (Yarr): - (Interpreter): - (JSC::Yarr::Interpreter::InputStream::InputStream): - (InputStream): - (JSC::Yarr::Interpreter::Interpreter): - (JSC::Yarr::interpret): - - templated Interpreter class on CharType. - * yarr/YarrInterpreter.h: - (Yarr): - - added function declarations. - -2012-03-29 David Kilzer - - Don't use a flattened framework path when building on OS X - - Reviewed by Mark Rowe. - - * Configurations/ToolExecutable.xcconfig: Use REAL_PLATFORM_NAME - to select different INSTALL_PATH values. - -2012-03-29 Kevin Ollivier - - [wx] Unreviewed build fix, add Win-specific sources - the wx port needs after WTF move. - - * wscript: - -2012-03-29 Andy Estes - - Remove an unused variable that breaks the build with newer versions of clang. - - Rubber stamped by Gavin Barraclough. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy): - -2012-03-29 Caio Marcelo de Oliveira Filho - - HashMap<>::add should return a more descriptive object - https://bugs.webkit.org/show_bug.cgi?id=71063 - - Reviewed by Ryosuke Niwa. - - Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps - the iterator type, there's a need for its own AddResult type -- instantiated from - HashTableAddResult template class. - - * API/JSCallbackObject.h: - (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty): - * API/JSClassRef.cpp: - (OpaqueJSClass::contextData): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::addVar): - (JSC::BytecodeGenerator::addGlobalVar): - (JSC::BytecodeGenerator::addConstant): - (JSC::BytecodeGenerator::addConstantValue): - (JSC::BytecodeGenerator::emitLoad): - (JSC::BytecodeGenerator::addStringConstant): - (JSC::BytecodeGenerator::emitLazyNewFunction): - * bytecompiler/NodesCodegen.cpp: - (JSC::PropertyListNode::emitBytecode): - * debugger/Debugger.cpp: - * dfg/DFGAssemblyHelpers.cpp: - (JSC::DFG::AssemblyHelpers::decodedCodeMapFor): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::cellConstant): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - * jit/JITStubs.cpp: - (JSC::JITThunks::ctiStub): - (JSC::JITThunks::hostFunctionStub): - * parser/Parser.cpp: - (JSC::::parseStrictObjectLiteral): - * parser/Parser.h: - (JSC::Scope::declareParameter): - * runtime/Identifier.cpp: - (JSC::Identifier::add): - (JSC::Identifier::add8): - (JSC::Identifier::addSlowCase): - * runtime/Identifier.h: - (JSC::Identifier::add): - (JSC::IdentifierTable::add): - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::add): - (JSC::SparseArrayValueMap::put): - (JSC::SparseArrayValueMap::putDirect): - (JSC::JSArray::enterDictionaryMode): - (JSC::JSArray::defineOwnNumericProperty): - * runtime/JSArray.h: - (SparseArrayValueMap): - * runtime/PropertyNameArray.cpp: - (JSC::PropertyNameArray::add): - * runtime/StringRecursionChecker.h: - (JSC::StringRecursionChecker::performCheck): - * runtime/Structure.cpp: - (JSC::StructureTransitionTable::add): - * runtime/WeakGCMap.h: - (WeakGCMap): - (JSC::WeakGCMap::add): - (JSC::WeakGCMap::set): - * tools/ProfileTreeNode.h: - (JSC::ProfileTreeNode::sampleChild): - -2012-03-29 Patrick Gansterer - - Build fix for !ENABLE(YARR_JIT) after r112454. - - * runtime/RegExp.cpp: - (JSC::RegExp::invalidateCode): - -2012-03-28 Filip Pizlo - - DFG object equality speculations should be simplified - https://bugs.webkit.org/show_bug.cgi?id=82557 - - Reviewed by Gavin Barraclough. - - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateFinalObject): - (JSC::DFG::Node::shouldSpeculateArray): - -2012-03-28 David Kilzer - - minidom configurations should be based on ToolExecutable.xcconfig - - - Reviewed by Mark Rowe. - - Note that this patch changes minidom from being installed in - /usr/local/bin to JavaScriptCore.framework/Resources. - - * Configurations/ToolExecutable.xcconfig: Add semi-colon. - * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom - configurations on ToolExecutable.xcconfig. Remove redundant - PRODUCT_NAME and SKIP_INSTALL variables. - -2012-03-28 Gavin Barraclough - - Build fix - some compiles generating NORETURN related warnings. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::setSubpatternStart): - (JSC::Yarr::YarrGenerator::setSubpatternEnd): - (JSC::Yarr::YarrGenerator::clearSubpatternStart): - -2012-03-28 Kevin Ollivier - - [wx] Unreviewed. Build fix, move WTF back into JSCore target - until issues with JSCore not linking in all WTF symbols are resolved. - - * wscript: - -2012-03-28 Gavin Barraclough - - Yarr: if we're not using the output array, don't populate it! - https://bugs.webkit.org/show_bug.cgi?id=82519 - - Reviewed by Sam Weinig. - - * runtime/RegExp.cpp: - (JSC): - - Missed review comment! - didn't fully remove RegExpRepresentation. - -2012-03-28 Gavin Barraclough - - Yarr: if we're not using the output array, don't populate it! - https://bugs.webkit.org/show_bug.cgi?id=82519 - - Reviewed by Sam Weinig. - - Add a new variant of the match method to RegExp that returns a MatchResult, - and modify YarrJIT to be able to compile code that doesn't use an output vector. - - This is a 3% progression on v8-regexp. - - * JavaScriptCore.xcodeproj/project.pbxproj: - - Moved MatchResult into its own header. - * assembler/AbstractMacroAssembler.h: - - Added missing include. - * runtime/MatchResult.h: Added. - (MatchResult::MatchResult): - (MatchResult): - (MatchResult::failed): - (MatchResult::operator bool): - (MatchResult::empty): - - Moved MatchResult into its own header. - * runtime/RegExp.cpp: - (JSC::RegExp::compile): - (JSC::RegExp::compileIfNecessary): - (JSC::RegExp::match): - - Changed due to execute & representation changes. - (JSC::RegExp::compileMatchOnly): - (JSC::RegExp::compileIfNecessaryMatchOnly): - - Added helper to compile MatchOnly code. - (JSC::RegExp::invalidateCode): - (JSC::RegExp::matchCompareWithInterpreter): - (JSC::RegExp::printTraceData): - - Changed due representation changes. - * runtime/RegExp.h: - (RegExp): - (JSC::RegExp::hasCode): - - Made YarrCodeBlock a member. - * runtime/RegExpConstructor.h: - (RegExpConstructor): - (JSC::RegExpConstructor::performMatch): - - Added no-ovector form. - * runtime/RegExpMatchesArray.cpp: - (JSC::RegExpMatchesArray::reifyAllProperties): - - Match now takes a reference to ovector, not a pointer. - * runtime/RegExpObject.h: - (JSC): - - Moved MatchResult into its own header. - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncSplit): - - Match now takes a reference to ovector, not a pointer. - * testRegExp.cpp: - (testOneRegExp): - - Match now takes a reference to ovector, not a pointer. - * yarr/YarrJIT.cpp: - (Yarr): - (YarrGenerator): - (JSC::Yarr::YarrGenerator::initCallFrame): - (JSC::Yarr::YarrGenerator::removeCallFrame): - (JSC::Yarr::YarrGenerator::setSubpatternStart): - (JSC::Yarr::YarrGenerator::setSubpatternEnd): - (JSC::Yarr::YarrGenerator::clearSubpatternStart): - (JSC::Yarr::YarrGenerator::setMatchStart): - (JSC::Yarr::YarrGenerator::getMatchStart): - - Added helper functions to intermediate access to output. - (JSC::Yarr::YarrGenerator::generateDotStarEnclosure): - (JSC::Yarr::YarrGenerator::generate): - (JSC::Yarr::YarrGenerator::backtrack): - (JSC::Yarr::YarrGenerator::generateEnter): - (JSC::Yarr::YarrGenerator::compile): - - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns. - (JSC::Yarr::jitCompile): - - Needs to template of MatchOnly or IncludeSubpatterns. - * yarr/YarrJIT.h: - (YarrCodeBlock): - (JSC::Yarr::YarrCodeBlock::set8BitCode): - (JSC::Yarr::YarrCodeBlock::set16BitCode): - (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly): - (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly): - (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly): - (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly): - (JSC::Yarr::YarrCodeBlock::execute): - (JSC::Yarr::YarrCodeBlock::clear): - - Added a second set of CodeRefs, so that we can compile RexExps with/without subpattern matching. - -2012-03-27 Filip Pizlo - - DFG OSR exit should not generate an exit for variables of inlinees if the - inlinees are not in scope - https://bugs.webkit.org/show_bug.cgi?id=82312 - - Reviewed by Oliver Hunt. - - * bytecode/CodeBlock.h: - (JSC::baselineCodeBlockForInlineCallFrame): - (JSC): - (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::computeNumVariablesForCodeOrigin): - (DFG): - (JSC::DFG::OSRExit::OSRExit): - -2012-03-27 Matt Lilek - - Stop compiling Interpreter.cpp with -fno-var-tracking - https://bugs.webkit.org/show_bug.cgi?id=82299 - - Reviewed by Anders Carlsson. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-03-27 Pratik Solanki - - Compiler warning when JIT is not enabled - https://bugs.webkit.org/show_bug.cgi?id=82352 - - Reviewed by Filip Pizlo. - - * runtime/JSFunction.cpp: - (JSC::JSFunction::create): - -2012-03-26 Thouraya ANDOLSI - - Unaligned userspace access for SH4 platforms - https://bugs.webkit.org/show_bug.cgi?id=79104 - - Reviewed by Gavin Barraclough. - - * assembler/AbstractMacroAssembler.h: - (Jump): - (JSC::AbstractMacroAssembler::Jump::Jump): - (JSC::AbstractMacroAssembler::Jump::link): - * assembler/MacroAssemblerSH4.h: - (JSC::MacroAssemblerSH4::load16Unaligned): - (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords): - (JSC::MacroAssemblerSH4::branchDouble): - (JSC::MacroAssemblerSH4::branchTrue): - (JSC::MacroAssemblerSH4::branchFalse): - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::extraInstrForBranch): - (SH4Assembler): - (JSC::SH4Assembler::bra): - (JSC::SH4Assembler::linkJump): - * jit/JIT.h: - (JIT): - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - -2012-03-26 Ryosuke Niwa - - cssText should use shorthand notations - https://bugs.webkit.org/show_bug.cgi?id=81737 - - Reviewed by Enrica Casucci. - - Export symbols of BitVector on Windows. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-26 Filip Pizlo - - DFG should assert that argument value recoveries can only be - AlreadyInRegisterFile or Constant - https://bugs.webkit.org/show_bug.cgi?id=82249 - - Reviewed by Michael Saboff. - - Made the assertions that the DFG makes for argument value recoveries match - what Arguments expects. - - * bytecode/ValueRecovery.h: - (JSC::ValueRecovery::isConstant): - (ValueRecovery): - (JSC::ValueRecovery::isAlreadyInRegisterFile): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-03-26 Dan Bernstein - - Tried to fix the Windows build. - - * yarr/YarrPattern.cpp: - (JSC::Yarr::CharacterClassConstructor::putRange): - -2012-03-26 Gavin Barraclough - - Unreviewed - speculative Windows build fix. - - * yarr/YarrCanonicalizeUCS2.h: - (JSC::Yarr::getCanonicalPair): - -2012-03-26 Dan Bernstein - - Fixed builds with assertions disabled. - - * yarr/YarrCanonicalizeUCS2.h: - (JSC::Yarr::areCanonicallyEquivalent): - -2012-03-26 Gavin Barraclough - - Unreviewed - errk! - accidentally the whole pbxproj. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-03-25 Gavin Barraclough - - Greek sigma is handled wrong in case independent regexp. - https://bugs.webkit.org/show_bug.cgi?id=82063 - - Reviewed by Oliver Hunt. - - The bug here is that we assume that any given codepoint has at most one additional value it - should match under a case insensitive match, and that the pair of codepoints that match (if - a codepoint does not only match itself) can be determined by calling toUpper/toLower on the - given codepoint). Life is not that simple. - - Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters - it may match, under the ES5.1 case-insensitive matching rules. Since unicode is fairly regular - we can pack this table quite nicely, and get it down to 364 entries. This means we can use a - simple binary search to find an entry in typically eight compares. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * yarr/yarr.pri: - - Added new files to build systems. - * yarr/YarrCanonicalizeUCS2.cpp: Added. - - New - autogenerated, UCS2 canonicalized comparison tables. - * yarr/YarrCanonicalizeUCS2.h: Added. - (JSC::Yarr::rangeInfoFor): - - Look up the canonicalization info for a UCS2 character. - (JSC::Yarr::getCanonicalPair): - - For a UCS2 character with a single equivalent value, look it up. - (JSC::Yarr::isCanonicallyUnique): - - Returns true if no other UCS2 code points are canonically equal. - (JSC::Yarr::areCanonicallyEquivalent): - - Compare two values, under canonicalization rules. - * yarr/YarrCanonicalizeUCS2.js: Added. - - script used to generate YarrCanonicalizeUCS2.cpp. - * yarr/YarrInterpreter.cpp: - (JSC::Yarr::Interpreter::tryConsumeBackReference): - - Use isCanonicallyUnique, rather than Unicode toUpper/toLower. - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals): - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed): - - Use isCanonicallyUnique, rather than Unicode toUpper/toLower. - * yarr/YarrPattern.cpp: - (JSC::Yarr::CharacterClassConstructor::putChar): - - Updated to determine canonical equivalents correctly. - (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase): - - Added, used to put a non-ascii, non-unique character in a case-insensitive match. - (JSC::Yarr::CharacterClassConstructor::putRange): - - Updated to determine canonical equivalents correctly. - (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter): - - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo. - -2012-03-26 Kevin Ollivier - - [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs, - so we make sure it finds the API headers on all platforms. - - * wscript: - -2012-03-26 Patrick Gansterer - - Build fix for WinCE after r112039. - - * interpreter/Register.h: - (Register): Removed inline keyword from decleration since - there is an ALWAYS_INLINE at the definition anyway. - -2012-03-26 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing files. - -2012-03-25 Kevin Ollivier - - [wx] Unreviewed build fix. Move WTF to its own static lib build. - - * wscript: - -2012-03-25 Filip Pizlo - - DFG int-to-double conversion should be revealed to CSE - https://bugs.webkit.org/show_bug.cgi?id=82135 - - Reviewed by Oliver Hunt. - - This introduces the notion of an Int32ToDouble node, which is injected - into the graph anytime we know that we have a double use of a node that - was predicted integer. The Int32ToDouble simplifies double speculation - on integers by skipping the path that would unbox doubles, if we know - that the value is already proven to be an integer. It allows integer to - double conversions to be subjected to common subexpression elimination - (CSE) by allowing the CSE phase to see where these conversions are - occurring. Finally, it allows us to see when a constant is being used - as both a double and an integer. This is a bit odd, since it means that - sometimes a double use of a constant will not refer directly to the - constant. This should not cause problems, for now, but it may require - some canonizalization in the future if we want to support strength - reductions of double operations based on constants. - - To allow injection of nodes into the graph, this change introduces the - DFG::InsertionSet, which is a way of lazily inserting elements into a - list. This allows the FixupPhase to remain O(N) despite performing - multiple injections in a single basic block. Without the InsertionSet, - each injection would require performing an insertion into a vector, - which is O(N), leading to O(N^2) performance overall. With the - InsertionSet, each injection simply records what insertion would have - been performed, and all insertions are performed at once (via - InsertionSet::execute) after processing of a basic block is completed. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/PredictedType.h: - (JSC::isActionableIntMutableArrayPrediction): - (JSC): - (JSC::isActionableFloatMutableArrayPrediction): - (JSC::isActionableTypedMutableArrayPrediction): - (JSC::isActionableMutableArrayPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGCommon.h: - (JSC::DFG::useKindToString): - (DFG): - * dfg/DFGFixupPhase.cpp: - (JSC::DFG::FixupPhase::run): - (JSC::DFG::FixupPhase::fixupBlock): - (FixupPhase): - (JSC::DFG::FixupPhase::fixupNode): - (JSC::DFG::FixupPhase::fixDoubleEdge): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGInsertionSet.h: Added. - (DFG): - (Insertion): - (JSC::DFG::Insertion::Insertion): - (JSC::DFG::Insertion::index): - (JSC::DFG::Insertion::element): - (InsertionSet): - (JSC::DFG::InsertionSet::InsertionSet): - (JSC::DFG::InsertionSet::append): - (JSC::DFG::InsertionSet::execute): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - (JSC::DFG::SpeculativeJIT::compileValueToInt32): - (JSC::DFG::SpeculativeJIT::compileInt32ToDouble): - (DFG): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - (JSC::DFG::IntegerOperand::IntegerOperand): - (JSC::DFG::DoubleOperand::DoubleOperand): - (JSC::DFG::JSValueOperand::JSValueOperand): - (JSC::DFG::StorageOperand::StorageOperand): - (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand): - (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand): - (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): - (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand): - (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-03-25 Filip Pizlo - - DFGOperands should be moved out of the DFG and into bytecode - https://bugs.webkit.org/show_bug.cgi?id=82151 - - Reviewed by Dan Bernstein. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h. - * dfg/DFGBasicBlock.h: - * dfg/DFGNode.h: - * dfg/DFGOSREntry.h: - * dfg/DFGOSRExit.h: - * dfg/DFGOperands.h: Removed. - * dfg/DFGVariableAccessData.h: - -2012-03-24 Filip Pizlo - - DFG 64-bit Branch implementation should not be creating a JSValueOperand that - it isn't going to use - https://bugs.webkit.org/show_bug.cgi?id=82136 - - Reviewed by Geoff Garen. - - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitBranch): - -2012-03-24 Kevin Ollivier - - [wx] Unreviewed. Fix the build after WTF move. - - * wscript: - -2012-03-23 Filip Pizlo - - DFG double voting may be overzealous in the case of variables that end up - being used as integers - https://bugs.webkit.org/show_bug.cgi?id=82008 - - Reviewed by Oliver Hunt. - - Cleaned up propagation, making the intent more explicit in most places. - Back-propagate NodeUsedAsInt for cases where a node was used in a context - that is known to strongly prefer integers. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dumpCodeOrigin): - (JSC::DFG::Graph::dump): - * dfg/DFGGraph.h: - (Graph): - * dfg/DFGNodeFlags.cpp: - (JSC::DFG::nodeFlagsAsString): - * dfg/DFGNodeFlags.h: - (DFG): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::run): - (JSC::DFG::PredictionPropagationPhase::propagate): - (PredictionPropagationPhase): - (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags): - (JSC::DFG::PredictionPropagationPhase::vote): - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): - (JSC::DFG::PredictionPropagationPhase::fixupNode): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote): - -2012-03-24 Filip Pizlo - - DFG::Node::shouldNotSpeculateInteger() should be eliminated - https://bugs.webkit.org/show_bug.cgi?id=82123 - - Reviewed by Geoff Garen. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (Node): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - -2012-03-24 Yong Li - - Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL) - https://bugs.webkit.org/show_bug.cgi?id=81521 - - Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace - for CPU(ARM_TRADITIONAL) to fit actual need. - - Reviewed by Oliver Hunt. - - * jit/JIT.h: - (JIT): - -2012-03-23 Filip Pizlo - - DFG Fixup should be able to short-circuit trivial ValueToInt32's - https://bugs.webkit.org/show_bug.cgi?id=82030 - - Reviewed by Michael Saboff. - - Takes the fixup() method of the prediction propagation phase and makes it - into its own phase. Adds the ability to short-circuit trivial ValueToInt32 - nodes, and mark pure ValueToInt32's as such. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCommon.h: - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGFixupPhase.cpp: Added. - (DFG): - (FixupPhase): - (JSC::DFG::FixupPhase::FixupPhase): - (JSC::DFG::FixupPhase::run): - (JSC::DFG::FixupPhase::fixupNode): - (JSC::DFG::FixupPhase::fixIntEdge): - (JSC::DFG::performFixup): - * dfg/DFGFixupPhase.h: Added. - (DFG): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::run): - (PredictionPropagationPhase): - -2012-03-23 Mark Hahnenberg - - tryReallocate could break the zero-ed memory invariant of CopiedBlocks - https://bugs.webkit.org/show_bug.cgi?id=82087 - - Reviewed by Filip Pizlo. - - Removing this optimization turned out to be ~1% regression on kraken, so I simply - undid the modification to the current block if we fail. - - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail - to reallocate from the current block. - -2012-03-23 Alexey Proskuryakov - - [Mac] No need for platform-specific ENABLE_BLOB values - https://bugs.webkit.org/show_bug.cgi?id=82102 - - Reviewed by David Kilzer. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-23 Michael Saboff - - DFG::compileValueToInt32 Sometime Generates GPR to FPR reg back to GPR - https://bugs.webkit.org/show_bug.cgi?id=81805 - - Reviewed by Filip Pizlo. - - Added SpeculativeJIT::checkGeneratedType() to determine the current format - of an operand. Used that information in SpeculativeJIT::compileValueToInt32 - to generate code that will use integer and JSValue types in integer - format directly without a conversion to double. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkGeneratedType): - (DFG): - (JSC::DFG::SpeculativeJIT::compileValueToInt32): - * dfg/DFGSpeculativeJIT.h: - (DFG): - (SpeculativeJIT): - -2012-03-23 Steve Falkenburg - - Update Apple Windows build files for WTF move - https://bugs.webkit.org/show_bug.cgi?id=82069 - - Reviewed by Jessie Berlin. - - * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated. - -2012-03-23 Dean Jackson - - Disable CSS_SHADERS in Apple builds - https://bugs.webkit.org/show_bug.cgi?id=81996 - - Reviewed by Simon Fraser. - - Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-23 Gavin Barraclough - - RexExp constructor last match properties should not rely on previous ovector - https://bugs.webkit.org/show_bug.cgi?id=82077 - - Reviewed by Oliver Hunt. - - This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future. - - This patch changes the scheme used to lazily generate the last match properties of the RegExp object. - Instead of relying on the results in the ovector, we can instead lazily generate the subpatters using - a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match - location (the MatchResult). When the match is accessed or the input is set, we reify results. We use - a special value of setting the saved result to MatchResult::failed() to indicated that we're in a - reified state. This means that next time a match is performed, the store of the result will - automatically blow away the reified value. - - * JavaScriptCore.xcodeproj/project.pbxproj: - - Added new files. - * runtime/RegExp.cpp: - (JSC::RegExpFunctionalTestCollector::outputOneTest): - - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common). - * runtime/RegExpCachedResult.cpp: Added. - (JSC::RegExpCachedResult::visitChildren): - (JSC::RegExpCachedResult::lastResult): - (JSC::RegExpCachedResult::setInput): - - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.inupt). - * runtime/RegExpCachedResult.h: Added. - (RegExpCachedResult): - - Added new class. - (JSC::RegExpCachedResult::RegExpCachedResult): - (JSC::RegExpCachedResult::record): - (JSC::RegExpCachedResult::input): - - Initialize the object, record the result of a RegExp match, access the stored input property. - * runtime/RegExpConstructor.cpp: - (JSC::RegExpConstructor::RegExpConstructor): - - Initialize m_result/m_multiline properties. - (JSC::RegExpConstructor::visitChildren): - - Make sure the cached results (or lazy source for them) are marked. - (JSC::RegExpConstructor::getBackref): - (JSC::RegExpConstructor::getLastParen): - (JSC::RegExpConstructor::getLeftContext): - (JSC::RegExpConstructor::getRightContext): - - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme. - (JSC::regExpConstructorInput): - (JSC::setRegExpConstructorInput): - - Changed to use RegExpCachedResult. - * runtime/RegExpConstructor.h: - (JSC::RegExpConstructor::create): - (RegExpConstructor): - (JSC::RegExpConstructor::setMultiline): - (JSC::RegExpConstructor::multiline): - - Move multiline property onto the constructor object; it is not affected by the last match. - (JSC::RegExpConstructor::setInput): - (JSC::RegExpConstructor::input): - - These defer to RegExpCachedResult. - (JSC::RegExpConstructor::performMatch): - * runtime/RegExpMatchesArray.cpp: Added. - (JSC::RegExpMatchesArray::visitChildren): - - Eeeep! added missing visitChildren! - (JSC::RegExpMatchesArray::finishCreation): - (JSC::RegExpMatchesArray::reifyAllProperties): - (JSC::RegExpMatchesArray::reifyMatchProperty): - - Moved from RegExpConstructor.cpp. - (JSC::RegExpMatchesArray::leftContext): - (JSC::RegExpMatchesArray::rightContext): - - Since the match start/ - * runtime/RegExpMatchesArray.h: - (RegExpMatchesArray): - - Declare new methods & structure flags. - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::match): - - performMatch now requires the JSString input, to cache. - * runtime/StringPrototype.cpp: - (JSC::removeUsingRegExpSearch): - (JSC::replaceUsingRegExpSearch): - (JSC::stringProtoFuncMatch): - (JSC::stringProtoFuncSearch): - - performMatch now requires the JSString input, to cache. - -2012-03-23 Tony Chang - - [chromium] rename newwtf target back to wtf - https://bugs.webkit.org/show_bug.cgi?id=82064 - - Reviewed by Adam Barth. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - -2012-03-23 Mark Hahnenberg - - Simplify memory usage tracking in CopiedSpace - https://bugs.webkit.org/show_bug.cgi?id=80705 - - Reviewed by Filip Pizlo. - - * heap/CopiedAllocator.h: - (CopiedAllocator): Rename currentUtilization to currentSize. - (JSC::CopiedAllocator::currentCapacity): - * heap/CopiedBlock.h: - (CopiedBlock): - (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class - declaration. - (JSC): - (JSC::CopiedBlock::size): Add new function to calculate the block's size. - (JSC::CopiedBlock::capacity): Ditto for capacity. - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new - field for the water mark. - (JSC::CopiedSpace::init): - (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current - block, we need to update our current water mark with the size of the block. - (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we - need to update our current water mark with the size of the used portion of the block. - (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when - reallocating because it will either get accounted for when we fill up the block later - in the case of being able to reallocate in the current block or it will get picked up - immediately because we'll have to get a new block. - (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update in when - realloc-ing an oversize block because we deallocate the old block and allocate a brand - new one. - (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to - the CopiedSpace by the SlotVisitors. - (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark. - (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or - not we should collect now instead of doing the calculation ourself. - (JSC::CopiedSpace::destroy): - (JSC): - (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how - MarkedSpace does. - (JSC::CopiedSpace::capacity): Ditto for capacity. - * heap/CopiedSpace.h: - (JSC::CopiedSpace::waterMark): - (CopiedSpace): - * heap/CopiedSpaceInlineMethods.h: - (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a - collection. - (JSC::CopiedSpace::allocateNewBlock): - (JSC::CopiedSpace::fitsInBlock): - (JSC::CopiedSpace::allocateFromBlock): - * heap/Heap.cpp: - (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap. - (JSC::Heap::capacity): Ditto for capacity. - (JSC::Heap::collect): - * heap/Heap.h: - (Heap): - (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to - determine whether they should initiate a collection or continue to allocate new blocks. - (JSC): - (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the - Heap (MarkedSpace and CopiedSpace). - * heap/MarkedAllocator.cpp: - (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function. - -2012-03-23 Ryosuke Niwa - - BitVector::resizeOutOfLine doesn't memset when converting an inline buffer - https://bugs.webkit.org/show_bug.cgi?id=82012 - - Reviewed by Filip Pizlo. - - Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore. - - * wtf/BitVector.cpp: - (WTF::BitVector::resizeOutOfLine): - * wtf/BitVector.h: - (BitVector): - (OutOfLineBits): - -2012-03-22 Michael Saboff - - ExecutableAllocator::memoryPressureMultiplier() might can return NaN - https://bugs.webkit.org/show_bug.cgi?id=82002 - - Reviewed by Filip Pizlo. - - Guard against divide by zero and then make sure the return - value is >= 1.0. - - * jit/ExecutableAllocator.cpp: - (JSC::ExecutableAllocator::memoryPressureMultiplier): - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::ExecutableAllocator::memoryPressureMultiplier): - -2012-03-22 Jessie Berlin - - Windows build fix after r111778. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - Don't include and try to build files owned by WTF. - Also, let VS have its way with the vcproj in terms of file ordering. - -2012-03-22 Raphael Kubo da Costa - - [CMake] Unreviewed build fix after r111778. - - * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in - the include paths so that the right config.h is used. - -2012-03-22 Tony Chang - - Unreviewed, fix chromium build after wtf move. - - Remove old wtf_config and wtf targets. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - -2012-03-22 Martin Robinson - - Fixed the GTK+ WTF/JavaScriptCore build after r111778. - - * GNUmakefile.list.am: Removed an extra trailing backslash. - -2012-03-22 Mark Rowe - - Fix the build. - - * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries - rather than only those that contain symbols that JavaScriptCore itself uses. - * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project. - -2012-03-22 Filip Pizlo - - DFG NodeFlags has some duplicate code and naming issues - https://bugs.webkit.org/show_bug.cgi?id=81975 - - Reviewed by Gavin Barraclough. - - Removed most references to "ArithNodeFlags" since those are now just part - of the node flags. Fixed some renaming goofs (EdgedAsNum is once again - NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags() - because the former was never called and the latter did the same things as - mergeFlags(). - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGNode.h: - (JSC::DFG::Node::arithNodeFlags): - (Node): - * dfg/DFGNodeFlags.cpp: - (JSC::DFG::nodeFlagsAsString): - * dfg/DFGNodeFlags.h: - (DFG): - (JSC::DFG::nodeUsedAsNumber): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags): - -2012-03-22 Eric Seidel - - Actually move WTF files to their new home - https://bugs.webkit.org/show_bug.cgi?id=81844 - - Unreviewed. The details of the port-specific changes - have been seen by contributors from those ports, but - the whole 5MB change isn't very reviewable as-is. - - * GNUmakefile.am: - * GNUmakefile.list.am: - * JSCTypedArrayStubs.h: - * JavaScriptCore.gypi: - * JavaScriptCore.xcodeproj/project.pbxproj: - * jsc.cpp: - -2012-03-22 Kevin Ollivier - - [wx] Unreviewed. Adding Source/WTF to the build. - - * wscript: - -2012-03-22 Gavin Barraclough - - Add JSValue::isFunction - https://bugs.webkit.org/show_bug.cgi?id=81935 - - Reviewed by Geoff Garen. - - This would be useful in the WebCore bindings code. - Also, remove asFunction, replace with jsCast. - - * API/JSContextRef.cpp: - * debugger/Debugger.cpp: - * debugger/DebuggerCallFrame.cpp: - (JSC::DebuggerCallFrame::functionName): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::valueOfFunctionConstant): - * dfg/DFGOperations.cpp: - * interpreter/CallFrame.cpp: - (JSC::CallFrame::isInlineCallFrameSlow): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - (JSC::jitCompileFor): - (JSC::lazyLinkFor): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::traceFunctionPrologue): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::setUpCall): - * runtime/Arguments.h: - (JSC::Arguments::finishCreation): - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncFilter): - (JSC::arrayProtoFuncMap): - (JSC::arrayProtoFuncEvery): - (JSC::arrayProtoFuncForEach): - (JSC::arrayProtoFuncSome): - (JSC::arrayProtoFuncReduce): - (JSC::arrayProtoFuncReduceRight): - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::arityCheckFor): - * runtime/Executable.h: - (JSC::FunctionExecutable::compileFor): - (JSC::FunctionExecutable::compileOptimizedFor): - * runtime/FunctionPrototype.cpp: - (JSC::functionProtoFuncToString): - * runtime/JSArray.cpp: - (JSC::JSArray::sort): - * runtime/JSFunction.cpp: - (JSC::JSFunction::argumentsGetter): - (JSC::JSFunction::callerGetter): - (JSC::JSFunction::lengthGetter): - * runtime/JSFunction.h: - (JSC): - (JSC::asJSFunction): - (JSC::JSValue::isFunction): - * runtime/JSGlobalData.cpp: - (WTF::Recompiler::operator()): - (JSC::JSGlobalData::releaseExecutableMemory): - * runtime/JSValue.h: - * runtime/StringPrototype.cpp: - (JSC::replaceUsingRegExpSearch): - -2012-03-21 Filip Pizlo - - DFG speculation on booleans should be rationalized - https://bugs.webkit.org/show_bug.cgi?id=81840 - - Reviewed by Gavin Barraclough. - - This removes isKnownBoolean() and replaces it with AbstractState-based - optimization, and cleans up the control flow in code gen methods for - Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber, - and removes isKnownNotBoolean() since that method appeared to be a - helper used solely by 32_64's speculateBooleanOperation(). - - This is performance-neutral. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateNumber): - * dfg/DFGSpeculativeJIT.cpp: - (DFG): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - -2012-03-21 Mark Rowe - - Fix the build. - - * wtf/MetaAllocator.h: - (MetaAllocator): Export the destructor. - -2012-03-21 Eric Seidel - - Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore - https://bugs.webkit.org/show_bug.cgi?id=81834 - - Reviewed by Adam Barth. - - * jsc.cpp: - * os-win32/WinMain.cpp: - * runtime/JSDateMath.cpp: - * runtime/TimeoutChecker.cpp: - * testRegExp.cpp: - * tools/CodeProfiling.cpp: - -2012-03-21 Eric Seidel - - WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library) - https://bugs.webkit.org/show_bug.cgi?id=81838 - - Reviewed by Geoffrey Garen. - - My understanding is that weak vtables happen when the compiler/linker cannot - determine which compilation unit should constain the vtable. In this case - because there were only pure virtual functions as well as an "inline" - virtual destructor (thus the virtual destructor was defined in many compilation - units). Since you can't actually "inline" a virtual function (it still has to - bounce through the vtable), the "inline" on this virutal destructor doesn't - actually help performance, and is only serving to confuse the compiler here. - I've moved the destructor implementation to the .cpp file, thus making - it clear to the compiler where the vtable should be stored, and solving the error. - - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocator::~MetaAllocator): - (WTF): - * wtf/MetaAllocator.h: - -2012-03-20 Gavin Barraclough - - RegExpMatchesArray should not copy the ovector - https://bugs.webkit.org/show_bug.cgi?id=81742 - - Reviewed by Michael Saboff. - - Currently, all RegExpMatchesArray object contain Vector, used to hold any sub-pattern results. - This makes allocation/construction/destruction of these objects more expensive. Instead, just store the - main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping, - and the results never accessed). - If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone. - - * dfg/DFGOperations.cpp: - - RegExpObject match renamed back to test (test returns a bool). - * runtime/RegExpConstructor.cpp: - (JSC): - - Removed RegExpResult, RegExpMatchesArray constructor, destroy method. - (JSC::RegExpMatchesArray::finishCreation): - - Removed RegExpConstructorPrivate parameter. - (JSC::RegExpMatchesArray::reifyAllProperties): - - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray. - If there are sub-pattern properties, the RegExp is re-run to generate their values. - (JSC::RegExpMatchesArray::reifyMatchProperty): - - Reify just the match (index 0) property of the RegExpMatchesArray. - * runtime/RegExpConstructor.h: - (RegExpConstructor): - (JSC::RegExpConstructor::performMatch): - - performMatch now returns a MatchResult, rather than using out-parameters. - * runtime/RegExpMatchesArray.h: - (JSC::RegExpMatchesArray::RegExpMatchesArray): - - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties. - (RegExpMatchesArray): - (JSC::RegExpMatchesArray::create): - - Now passed the input string matched against, the RegExp, and the MatchResult. - (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary): - (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary): - - Helpers to conditionally reify properties. - (JSC::RegExpMatchesArray::getOwnPropertySlot): - (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex): - (JSC::RegExpMatchesArray::getOwnPropertyDescriptor): - (JSC::RegExpMatchesArray::put): - (JSC::RegExpMatchesArray::putByIndex): - (JSC::RegExpMatchesArray::deleteProperty): - (JSC::RegExpMatchesArray::deletePropertyByIndex): - (JSC::RegExpMatchesArray::getOwnPropertyNames): - (JSC::RegExpMatchesArray::defineOwnProperty): - - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary - (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0). - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::exec): - (JSC::RegExpObject::match): - - match now returns a MatchResult. - * runtime/RegExpObject.h: - (JSC::MatchResult::MatchResult): - - Added the result of a match is a start & end tuple. - (JSC::MatchResult::failed): - - A failure is indicated by (notFound, 0). - (JSC::MatchResult::operator bool): - - Evaluates to false if the match failed. - (JSC::MatchResult::empty): - - Evaluates to true if the match succeeded with length 0. - (JSC::RegExpObject::test): - - Now returns a bool. - * runtime/RegExpPrototype.cpp: - (JSC::regExpProtoFuncTest): - - RegExpObject match renamed back to test (test returns a bool). - * runtime/StringPrototype.cpp: - (JSC::removeUsingRegExpSearch): - (JSC::replaceUsingRegExpSearch): - (JSC::stringProtoFuncMatch): - (JSC::stringProtoFuncSearch): - - performMatch now returns a MatchResult, rather than using out-parameters. - -2012-03-21 Hojong Han - - Fix out of memory by allowing overcommit - https://bugs.webkit.org/show_bug.cgi?id=81743 - - Reviewed by Geoffrey Garen. - - Garbage collection is not triggered and new blocks are added - because overcommit is allowed by MAP_NORESERVE flag when high water mark is big enough. - - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveAndCommit): - -2012-03-21 Jessie Berlin - - More Windows build fixing. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - Fix the order of the include directories to look in include/private first before looking - in include/private/JavaScriptCore. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: - Look in the Production output directory (where the wtf headers will be). This is the same - thing that is done for jsc and testRegExp in ReleasePGO. - -2012-03-21 Jessie Berlin - - WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not - $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf. - https://bugs.webkit.org/show_bug.cgi?id=81739 - - Reviewed by Dan Bernstein. - - * JavaScriptCore.vcproj/jsc/jsc.vcproj: - Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf - subdirectory of the build output, not the JavaScriptCore/wtf subdirectory. - * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: - Ditto. - - * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: - Get the headers for those 4 files from the wtf subdirectory of the build output, not the - JavaScriptCore/wtf subdirectory. - * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: - Ditto. - -2012-03-20 Eric Seidel - - Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf - https://bugs.webkit.org/show_bug.cgi?id=80911 - - Reviewed by Adam Barth. - - Update the various build systems to depend on Source/WTF headers - as well as remove references to Platform.h (since it's now moved). - - * CMakeLists.txt: - * JavaScriptCore.pri: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/CMakeLists.txt: - -2012-03-20 Filip Pizlo - - op_mod fails on many interesting corner cases - https://bugs.webkit.org/show_bug.cgi?id=81648 - - Reviewed by Oliver Hunt. - - Removed most strength reduction for op_mod, and fixed the integer handling - to do the right thing for corner cases. Oddly, this revealed bugs in OSR, - which this patch also fixes. - - This patch is performance neutral on all of the major benchmarks we track. - - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGSpeculativeJIT.cpp: - (DFG): - (JSC::DFG::SpeculativeJIT::compileSoftModulo): - (JSC::DFG::SpeculativeJIT::compileArithMod): - * jit/JIT.h: - (JIT): - * jit/JITArithmetic.cpp: - (JSC): - (JSC::JIT::emit_op_mod): - (JSC::JIT::emitSlow_op_mod): - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emit_op_mod): - (JSC::JIT::emitSlow_op_mod): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::privateCompileCTIMachineTrampolines): - (JSC): - * jit/JITStubs.h: - (TrampolineStructure): - (JSC::JITThunks::ctiNativeConstruct): - * llint/LowLevelInterpreter64.asm: - * wtf/Platform.h: - * wtf/SimpleStats.h: - (WTF::SimpleStats::variance): - -2012-03-20 Steve Falkenburg - - Windows (make based) build fix. - - - * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead. - -2012-03-20 Steve Falkenburg - - Move WTF-related Windows project files out of JavaScriptCore - https://bugs.webkit.org/show_bug.cgi?id=80680 - - This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF. - It does not move any source code. This is in preparation for the WTF source move out of - JavaScriptCore. - - Reviewed by Jessie Berlin. - - * JavaScriptCore.vcproj/JavaScriptCore.sln: - * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: - * JavaScriptCore.vcproj/WTF: Removed. - * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed. - * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed. - * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed. - * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed. - * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed. - * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed. - * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed. - -2012-03-20 Benjamin Poulain - - Cache the type string of JavaScript object - https://bugs.webkit.org/show_bug.cgi?id=81446 - - Reviewed by Geoffrey Garen. - - Instead of creating the JSString every time, we create - lazily the strings in JSGlobalData. - - This avoid the construction of the StringImpl and of the JSString, - which gives some performance improvements. - - * runtime/CommonIdentifiers.h: - * runtime/JSValue.cpp: - (JSC::JSValue::toStringSlowCase): - * runtime/Operations.cpp: - (JSC::jsTypeStringForValue): - * runtime/SmallStrings.cpp: - (JSC::SmallStrings::SmallStrings): - (JSC::SmallStrings::finalizeSmallStrings): - (JSC::SmallStrings::initialize): - (JSC): - * runtime/SmallStrings.h: - (SmallStrings): - -2012-03-20 Oliver Hunt - - Allow LLINT to work even when executable allocation fails. - https://bugs.webkit.org/show_bug.cgi?id=81693 - - Reviewed by Gavin Barraclough. - - Don't crash if executable allocation fails if we can fall back on LLINT - - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveAndCommit): - -2012-03-20 Csaba Osztrogonác - - Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1 - https://bugs.webkit.org/show_bug.cgi?id=81428 - - 32 bit buildfix after r111355. - - 2147483648 (2^31) isn't valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int. - The smallest int is -2147483648 (-2^31) == -2147483647 - 1 == -INT32_MAX-1 == INT32_MIN (stdint.h). - - Reviewed by Zoltan Herczeg. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86): - -2012-03-19 Jochen Eisinger - - Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace - https://bugs.webkit.org/show_bug.cgi?id=80983 - - Reviewed by Darin Adler. - - This allows printing a backtrace acquired by an earlier WTFGetBacktrace - call which is useful for local debugging. - - * wtf/Assertions.cpp: - * wtf/Assertions.h: - -2012-03-19 Benjamin Poulain - - Do not copy the script source in the SourceProvider, just reference the existing string - https://bugs.webkit.org/show_bug.cgi?id=81466 - - Reviewed by Geoffrey Garen. - - * parser/SourceCode.h: Remove the unused, and incorrect, function data(). - * parser/SourceProvider.h: Add OVERRIDE for clarity. - -2012-03-19 Filip Pizlo - - Division optimizations fail to infer cases of truncated division and - mishandle -2147483648/-1 - https://bugs.webkit.org/show_bug.cgi?id=81428 - - - Reviewed by Oliver Hunt. - - If you're a division over integers and you're only used as an integer, then you're - an integer division and remainder checks become unnecessary. If you're dividing - -2147483648 by -1, don't crash. - - * assembler/MacroAssemblerX86Common.h: - (MacroAssemblerX86Common): - (JSC::MacroAssemblerX86Common::add32): - * dfg/DFGSpeculativeJIT.cpp: - (DFG): - (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * llint/LowLevelInterpreter64.asm: - -2012-03-19 Benjamin Poulain - - Simplify SmallStrings - https://bugs.webkit.org/show_bug.cgi?id=81445 - - Reviewed by Gavin Barraclough. - - SmallStrings had two methods that should not be public: count() and clear(). - - The method clear() is effectively replaced by finalizeSmallStrings(). The body - of the method was moved to the constructor since the code is obvious. - - The method count() is unused. - - * runtime/SmallStrings.cpp: - (JSC::SmallStrings::SmallStrings): - * runtime/SmallStrings.h: - (SmallStrings): - -2012-03-19 Filip Pizlo - - DFG can no longer compile V8-v4/regexp in debug mode - https://bugs.webkit.org/show_bug.cgi?id=81592 - - Reviewed by Gavin Barraclough. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-03-19 Filip Pizlo - - Prediction propagation for UInt32ToNumber incorrectly assumes that outs outcome does not - change throughout the fixpoint - https://bugs.webkit.org/show_bug.cgi?id=81583 - - Reviewed by Michael Saboff. - - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - -2012-03-19 Filip Pizlo - - GC should not attempt to clear LLInt instruction inline caches for code blocks that are in - the process of being generated - https://bugs.webkit.org/show_bug.cgi?id=81565 - - Reviewed by Oliver Hunt. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::finalizeUnconditionally): - -2012-03-19 Eric Seidel - - Fix WTF header include discipline in Chromium WebKit - https://bugs.webkit.org/show_bug.cgi?id=81281 - - Reviewed by James Robinson. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - * wtf/unicode/icu/CollatorICU.cpp: - -2012-03-19 Filip Pizlo - - DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList - https://bugs.webkit.org/show_bug.cgi?id=81556 - - Rubber stamped by Gavin Barraclough. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * dfg/DFGAbstractState.h: - (JSC::DFG::AbstractState::forNode): - * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h. - (JSC::DFG::AdjacencyList::AdjacencyList): - (JSC::DFG::AdjacencyList::child): - (JSC::DFG::AdjacencyList::setChild): - (JSC::DFG::AdjacencyList::child1): - (JSC::DFG::AdjacencyList::child2): - (JSC::DFG::AdjacencyList::child3): - (JSC::DFG::AdjacencyList::setChild1): - (JSC::DFG::AdjacencyList::setChild2): - (JSC::DFG::AdjacencyList::setChild3): - (JSC::DFG::AdjacencyList::child1Unchecked): - (JSC::DFG::AdjacencyList::initialize): - (AdjacencyList): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::addVarArgChild): - (JSC::DFG::ByteCodeParser::processPhiStack): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::canonicalize): - (JSC::DFG::CSEPhase::performSubstitution): - * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h. - (DFG): - (JSC::DFG::Edge::Edge): - (JSC::DFG::Edge::operator==): - (JSC::DFG::Edge::operator!=): - (Edge): - (JSC::DFG::operator==): - (JSC::DFG::operator!=): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::operator[]): - (JSC::DFG::Graph::at): - (JSC::DFG::Graph::ref): - (JSC::DFG::Graph::deref): - (JSC::DFG::Graph::clearAndDerefChild1): - (JSC::DFG::Graph::clearAndDerefChild2): - (JSC::DFG::Graph::clearAndDerefChild3): - (Graph): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::getPrediction): - * dfg/DFGNode.h: - (JSC::DFG::Node::Node): - (JSC::DFG::Node::child1): - (JSC::DFG::Node::child1Unchecked): - (JSC::DFG::Node::child2): - (JSC::DFG::Node::child3): - (Node): - * dfg/DFGNodeFlags.cpp: - (JSC::DFG::arithNodeFlagsAsString): - * dfg/DFGNodeFlags.h: - (DFG): - (JSC::DFG::nodeUsedAsNumber): - * dfg/DFGNodeReferenceBlob.h: Removed. - * dfg/DFGNodeUse.h: Removed. - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags): - (JSC::DFG::PredictionPropagationPhase::vote): - (JSC::DFG::PredictionPropagationPhase::fixupNode): - * dfg/DFGScoreBoard.h: - (JSC::DFG::ScoreBoard::use): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::useChildren): - (JSC::DFG::SpeculativeJIT::writeBarrier): - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::at): - (JSC::DFG::SpeculativeJIT::canReuse): - (JSC::DFG::SpeculativeJIT::use): - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::speculationCheck): - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): - (JSC::DFG::IntegerOperand::IntegerOperand): - (JSC::DFG::DoubleOperand::DoubleOperand): - (JSC::DFG::JSValueOperand::JSValueOperand): - (JSC::DFG::StorageOperand::StorageOperand): - (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand): - (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand): - (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): - (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand): - (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::cachedPutById): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::cachedPutById): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - -2012-03-19 Gavin Barraclough - - Object.freeze broken on latest Nightly - https://bugs.webkit.org/show_bug.cgi?id=80577 - - Reviewed by Oliver Hunt. - - * runtime/Arguments.cpp: - (JSC::Arguments::defineOwnProperty): - - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't - been overrridden. instead, just reify length/callee & rely on JSObject::defineOwnProperty. - * runtime/JSFunction.cpp: - (JSC::JSFunction::defineOwnProperty): - - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that - the object must be extensible; this is incorrect since these properties should already exist - on the object. In addition, it was asserting that the arguments/caller values must match the - corresponding magic data properties, but for strict mode function this is incorrect. Instead, - just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty. - -2012-03-19 Filip Pizlo - - LLInt get_by_pname slow path incorrectly assumes that the operands are not constants - https://bugs.webkit.org/show_bug.cgi?id=81559 - - Reviewed by Michael Saboff. - - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - -2012-03-19 Yong Li - - [BlackBerry] Implement OSAllocator::commit/decommit in the correct way - https://bugs.webkit.org/show_bug.cgi?id=77013 - - We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to - implement memory decommitting for QNX. - - Reviewed by Rob Buis. - - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveUncommitted): - (WTF::OSAllocator::commit): - (WTF::OSAllocator::decommit): - -2012-03-19 Gavin Barraclough - - Unreviewed - revent a couple of files accidentally committed. - - * runtime/Arguments.cpp: - (JSC::Arguments::defineOwnProperty): - * runtime/JSFunction.cpp: - (JSC::JSFunction::defineOwnProperty): - -2012-03-19 Jessie Berlin - - Another Windows build fix after r111129. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-19 Raphael Kubo da Costa - - Cross-platform processor core counter: fix build on FreeBSD. - https://bugs.webkit.org/show_bug.cgi?id=81482 - - Reviewed by Zoltan Herczeg. - - The documentation of sysctl(3) shows that should be - included before (sys/types.h tends to be the first - included header in general). - - This should fix the build on FreeBSD and other systems where - sysctl.h really depends on types defined in types.h. - - * wtf/NumberOfCores.cpp: - -2012-03-19 Jessie Berlin - - Windows build fix after r111129. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-19 Gavin Barraclough - - JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType - https://bugs.webkit.org/show_bug.cgi?id=81468 - - Reviewed by Oliver Hunt. - - The API specifies that convertToType may opt not to handle a conversion: - "@result The objects's converted value, or NULL if the object was not converted." - In which case, it would propagate first up the JSClass hierarchy, calling its superclass's - conversion functions, and failing that call the JSObject::defaultValue function. - - Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on - the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in - bug#73368, these will return the result from the first convertToType they find, regardless - of whether this result is null, and if no convertToType method is found in the api class - hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype - chain), they will also return a null pointer. This is unsafe. - - It would be easy to make the approach based around toStringCallback/valueOfCallback continue - to walk the api class hierarchy, but making the fallback to defaultValue would be problematic - (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse). - Making the fallback work with toString/valueOf methods attached to api objects is probably - not the right thing to do – instead, we should just implement the defaultValue trap for api - objects. - - In addition, this bug highlights that fact that JSCallbackFunction::call will allow a hard - null to be returned from C to JavaScript - this is not okay. Handle with an exception. - - * API/JSCallbackFunction.cpp: - (JSC::JSCallbackFunction::call): - - Should be null checking the return value. - (JSC): - - Remove toStringCallback/valueOfCallback. - * API/JSCallbackFunction.h: - (JSCallbackFunction): - - Remove toStringCallback/valueOfCallback. - * API/JSCallbackObject.h: - (JSCallbackObject): - - Add defaultValue mthods to JSCallbackObject. - * API/JSCallbackObjectFunctions.h: - (JSC::::defaultValue): - - Add defaultValue mthods to JSCallbackObject. - * API/JSClassRef.cpp: - (OpaqueJSClass::prototype): - - Remove toStringCallback/valueOfCallback. - * API/tests/testapi.js: - - Revert this test, now we no longer artificially introduce a toString method onto the api object. - -2012-03-18 Raphael Kubo da Costa - - [EFL] Include ICU_INCLUDE_DIRS when building. - https://bugs.webkit.org/show_bug.cgi?id=81483 - - Reviewed by Daniel Bates. - - So far, only the ICU libraries were being included when building - JavaScriptCore, however the include path is also needed, otherwise the - build will fail when ICU is installed into a non-standard location. - - * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}. - -2012-03-17 Gavin Barraclough - - Strength reduction, RegExp.exec -> RegExp.test - https://bugs.webkit.org/show_bug.cgi?id=81459 - - Reviewed by Sam Weinig. - - RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular - expression for a match against a string - however exec is more expensive, since - it allocates a matches array object. In cases where the result is consumed in a - boolean context the allocation of the matches array can be trivially elided. - - For example: - function f() - { - for (i =0; i < 10000000; ++i) - if(!/a/.exec("a")) - err = true; - } - - This is a 2.5x speedup on this example microbenchmark loop. - - In a more advanced form of this optimization, we may be able to avoid allocating - the array where access to the array can be observed. - - * create_hash_table: - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleIntrinsic): - * dfg/DFGNode.h: - (JSC::DFG::Node::hasHeapPrediction): - * dfg/DFGNodeType.h: - (DFG): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileRegExpExec): - (DFG): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * jsc.cpp: - (GlobalObject::addConstructableFunction): - * runtime/Intrinsic.h: - * runtime/JSFunction.cpp: - (JSC::JSFunction::create): - (JSC): - * runtime/JSFunction.h: - (JSFunction): - * runtime/Lookup.cpp: - (JSC::setUpStaticFunctionSlot): - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::exec): - (JSC::RegExpObject::match): - * runtime/RegExpObject.h: - (RegExpObject): - * runtime/RegExpPrototype.cpp: - (JSC::regExpProtoFuncTest): - (JSC::regExpProtoFuncExec): - -2012-03-16 Michael Saboff - - Improve diagnostic benefit of JSGlobalData::m_isInitializingObject - https://bugs.webkit.org/show_bug.cgi?id=81244 - - Rubber stamped by Filip Pizlo. - - Changed type and name of JSGlobalData::m_isInitializingObject to - ClassInfo* and m_initializingObjectClass. - Changed JSGlobalData::setInitializingObject to - JSGlobalData::setInitializingObjectClass. This pointer can be used within - the debugger to determine what type of object is being initialized. - - * runtime/JSCell.h: - (JSC::JSCell::finishCreation): - (JSC::allocateCell): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - (JSGlobalData): - (JSC::JSGlobalData::isInitializingObject): - (JSC::JSGlobalData::setInitializingObjectClass): - * runtime/Structure.h: - (JSC::JSCell::finishCreation): - -2012-03-16 Mark Rowe - - Build fix. Do not preserve owner and group information when installing the WTF headers. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-03-15 David Dorwin - - Make the array pointer parameters in the Typed Array create() methods const. - https://bugs.webkit.org/show_bug.cgi?id=81147 - - Reviewed by Kenneth Russell. - - This allows const arrays to be passed to these methods. - They use PassRefPtr create(), which already has a const parameter. - - * wtf/Int16Array.h: - (Int16Array): - (WTF::Int16Array::create): - * wtf/Int32Array.h: - (Int32Array): - (WTF::Int32Array::create): - * wtf/Int8Array.h: - (Int8Array): - (WTF::Int8Array::create): - * wtf/Uint16Array.h: - (Uint16Array): - (WTF::Uint16Array::create): - * wtf/Uint32Array.h: - (Uint32Array): - (WTF::Uint32Array::create): - * wtf/Uint8Array.h: - (Uint8Array): - (WTF::Uint8Array::create): - * wtf/Uint8ClampedArray.h: - (Uint8ClampedArray): - (WTF::Uint8ClampedArray::create): - -2012-03-15 Myles Maxfield - - CopiedSpace::tryAllocateOversize assumes system page size - https://bugs.webkit.org/show_bug.cgi?id=80615 - - Reviewed by Geoffrey Garen. - - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::tryAllocateOversize): - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/CopiedSpaceInlineMethods.h: - (JSC::CopiedSpace::oversizeBlockFor): - * wtf/BumpPointerAllocator.h: - (WTF::BumpPointerPool::create): - * wtf/StdLibExtras.h: - (WTF::roundUpToMultipleOf): - -2012-03-15 Mark Hahnenberg - - Fixing Windows build breakage - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-15 Patrick Gansterer - - [EFL] Make zlib a general build requirement - https://bugs.webkit.org/show_bug.cgi?id=80153 - - Reviewed by Hajime Morita. - - After r109538 WebSocket module needs zlib to support deflate-frame extension. - - * wtf/Platform.h: - -2012-03-15 Benjamin Poulain - - NumericStrings should be inlined - https://bugs.webkit.org/show_bug.cgi?id=81183 - - Reviewed by Gavin Barraclough. - - NumericStrings is not always inlined. When it is not, the class is not faster - than using UString::number() directly. - - * runtime/NumericStrings.h: - (JSC::NumericStrings::add): - (JSC::NumericStrings::lookupSmallString): - -2012-03-15 Andras Becsi - - Fix ARM build after r110792. - - Unreviewed build fix. - - * jit/ExecutableAllocator.h: - (JSC::ExecutableAllocator::cacheFlush): - Remove superfluous curly brackets. - -2012-03-15 Gavin Barraclough - - ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single) - https://bugs.webkit.org/show_bug.cgi?id=81256 - - Reviewed by Oliver Hunt. - - This is a 0.5% sunspider progression. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::convertInt32ToDouble): - - switch which form of vmov we use. - -2012-03-15 YoungTaeck Song - - [EFL] Add OwnPtr specialization for Ecore_Timer. - https://bugs.webkit.org/show_bug.cgi?id=80119 - - Reviewed by Hajime Morita. - - Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port. - - * wtf/OwnPtrCommon.h: - (WTF): - * wtf/efl/OwnPtrEfl.cpp: - (WTF::deleteOwnedPtr): - (WTF): - -2012-03-15 Hojong Han - - Linux has madvise enough to support OSAllocator::commit/decommit - https://bugs.webkit.org/show_bug.cgi?id=80505 - - Reviewed by Geoffrey Garen. - - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveUncommitted): - (WTF::OSAllocator::commit): - (WTF::OSAllocator::decommit): - -2012-03-15 Steve Falkenburg - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: - * JavaScriptCore.vcproj/WTF/copy-files.cmd: - * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: - -2012-03-15 Steve Falkenburg - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: - -2012-03-15 Kevin Ollivier - - Move wx port to using export macros - https://bugs.webkit.org/show_bug.cgi?id=77279 - - Reviewed by Hajime Morita. - - * wscript: - * wtf/Platform.h: - -2012-03-14 Benjamin Poulain - - Avoid StringImpl::getData16SlowCase() when sorting array - https://bugs.webkit.org/show_bug.cgi?id=81070 - - Reviewed by Geoffrey Garen. - - The function codePointCompare() is used intensively when sorting strings. - This patch improves its performance by: - -Avoiding character conversion. - -Inlining the function. - - This makes Peacekeeper's arrayCombined test 30% faster. - - * wtf/text/StringImpl.cpp: - * wtf/text/StringImpl.h: - (WTF): - (WTF::codePointCompare): - (WTF::codePointCompare8): - (WTF::codePointCompare16): - (WTF::codePointCompare8To16): - -2012-03-14 Hojong Han - - Fix memory allocation failed by fastmalloc - https://bugs.webkit.org/show_bug.cgi?id=79614 - - Reviewed by Geoffrey Garen. - - Memory allocation failed even if the heap grows successfully. - It is wrong to get the span only from the large list after the heap grows, - because new span could be added in the normal list. - - * wtf/FastMalloc.cpp: - (WTF::TCMalloc_PageHeap::New): - -2012-03-14 Hojong Han - - Run cacheFlush page by page to assure of flushing all the requested ranges - https://bugs.webkit.org/show_bug.cgi?id=77712 - - Reviewed by Geoffrey Garen. - - Current MetaAllocator concept, always coalesces adjacent free spaces, - doesn't meet memory management of Linux kernel. - In a certain case Linux kernel doesn't regard contiguous virtual memory areas as one but two. - Therefore cacheFlush page by page guarantees a flush-requested range. - - * jit/ExecutableAllocator.h: - (JSC::ExecutableAllocator::cacheFlush): - -2012-03-14 Oliver Hunt - - Make ARMv7 work again - https://bugs.webkit.org/show_bug.cgi?id=81157 - - Reviewed by Geoffrey Garen. - - We were trying to use the ARMv7 dataRegister as a scratch register in a scenario - where we the ARMv7MacroAssembler would also try to use dataRegister for its own - nefarious purposes. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::store32): - * assembler/MacroAssemblerARMv7.h: - (MacroAssemblerARMv7): - -2012-03-14 Mark Hahnenberg - - Heap::destroy leaks CopiedSpace - https://bugs.webkit.org/show_bug.cgi?id=81055 - - Reviewed by Geoffrey Garen. - - Added a destroy() function to CopiedSpace that moves all normal size - CopiedBlocks from the CopiedSpace to the Heap's list of free blocks - as well as deallocates all of the oversize blocks in the CopiedSpace. - This function is now called in Heap::destroy(). - - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::destroy): - (JSC): - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/Heap.cpp: - (JSC::Heap::destroy): - -2012-03-14 Andrew Lo - - [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController - https://bugs.webkit.org/show_bug.cgi?id=81000 - - Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry. - - Reviewed by Antonio Gomes. - - * wtf/Platform.h: - -2012-03-13 Filip Pizlo - - ValueToInt32 speculation will cause OSR exits even when it does not have to - https://bugs.webkit.org/show_bug.cgi?id=81068 - - - Reviewed by Anders Carlsson. - - Two related changes: - 1) ValueToInt32 will now always just defer to the non-speculative path, instead - of exiting, if it doesn't know what speculations to perform. - 2) ValueToInt32 will speculate boolean if it sees this to be profitable. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateBoolean): - (Node): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileValueToInt32): - -2012-03-13 Mark Hahnenberg - - More Windows build fixing - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-13 Mark Hahnenberg - - Windows build fix - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-13 Mark Hahnenberg - - Type conversion of exponential part failed - https://bugs.webkit.org/show_bug.cgi?id=80673 - - Reviewed by Geoffrey Garen. - - * parser/Lexer.cpp: - (JSC::::lex): - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::parseInt): - (JSC): - (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not - we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template - parameter for strtod to allow trailing spaces. - (JSC::toDouble): - (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3). - * runtime/LiteralParser.cpp: - (JSC::::Lexer::lexNumber): - * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that - we will run ecma/TypeConversion/9.3.1-3.js as a regression test now. - * wtf/dtoa.cpp: - (WTF): - (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were - broken by changing the default allowance of trailing junk in jsStrDecimalLiteral. - * wtf/dtoa.h: - * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the - Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace. - A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those - here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed). - * wtf/text/WTFString.cpp: - (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff. - -2012-03-13 Filip Pizlo - - Unreviewed, build fix since is_pod<> includes some header that I didn't know about. - Removing the assert for now. - - * dfg/DFGOperations.h: - * llint/LLIntSlowPaths.h: - -2012-03-13 Filip Pizlo - - Functions with C linkage should return POD types - https://bugs.webkit.org/show_bug.cgi?id=81061 - - Reviewed by Mark Rowe. - - * dfg/DFGOperations.h: - * llint/LLIntSlowPaths.h: - (LLInt): - (SlowPathReturnType): - (JSC::LLInt::encodeResult): - -2012-03-13 Filip Pizlo - - Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary - https://bugs.webkit.org/show_bug.cgi?id=80979 - - - Reviewed by Oliver Hunt. - - Also improved DFG IR dumping to include type information in a somewhat more - intuitive way. - - * bytecode/PredictedType.cpp: - (JSC::predictionToAbbreviatedString): - (JSC): - * bytecode/PredictedType.h: - (JSC): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber): - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): - -2012-03-13 George Staikos - - The callback is only used if SA_RESTART is defined. Compile it out - otherwise to avoid a warning. - https://bugs.webkit.org/show_bug.cgi?id=80926 - - Reviewed by Alexey Proskuryakov. - - * heap/MachineStackMarker.cpp: - (JSC): - -2012-03-13 Hojong Han - - Dump the generated code for ARM_TRADITIONAL - https://bugs.webkit.org/show_bug.cgi?id=80975 - - Reviewed by Gavin Barraclough. - - * assembler/LinkBuffer.h: - (JSC::LinkBuffer::dumpCode): - -2012-03-13 Adam Barth && Benjamin Poulain - - Always enable ENABLE(CLIENT_BASED_GEOLOCATION) - https://bugs.webkit.org/show_bug.cgi?id=78853 - - Reviewed by Adam Barth. - - * Configurations/FeatureDefines.xcconfig: - * wtf/Platform.h: - -2012-03-13 Kwonjin Jeong - - Remove SlotVisitor::copy() method. - https://bugs.webkit.org/show_bug.cgi?id=80973 - - Reviewed by Geoffrey Garen. - - SlotVisitor::copy() method isn't called anywhere. - - * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method. - * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method. - -2012-03-12 Hojong Han - - Fix test cases for RegExp multiline - https://bugs.webkit.org/show_bug.cgi?id=80822 - - Reviewed by Gavin Barraclough. - - * tests/mozilla/js1_2/regexp/RegExp_multiline.js: - * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js: - * tests/mozilla/js1_2/regexp/beginLine.js: - * tests/mozilla/js1_2/regexp/endLine.js: - -2012-03-12 Filip Pizlo - - Arithmetic use inference should be procedure-global and should run in tandem - with type propagation - https://bugs.webkit.org/show_bug.cgi?id=80819 - - - Reviewed by Gavin Barraclough. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed. - * dfg/DFGArithNodeFlagsInferencePhase.h: Removed. - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::isNotNegZero): - (PredictionPropagationPhase): - (JSC::DFG::PredictionPropagationPhase::isNotZero): - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::VariableAccessData): - (JSC::DFG::VariableAccessData::flags): - (VariableAccessData): - (JSC::DFG::VariableAccessData::mergeFlags): - -2012-03-12 Filip Pizlo - - Node::op and Node::flags should be private - https://bugs.webkit.org/show_bug.cgi?id=80824 - - - Reviewed by Gavin Barraclough. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - (JSC::DFG::AbstractState::execute): - (JSC::DFG::AbstractState::mergeStateAtTail): - (JSC::DFG::AbstractState::mergeToSuccessors): - * dfg/DFGArithNodeFlagsInferencePhase.cpp: - (JSC::DFG::ArithNodeFlagsInferencePhase::propagate): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction): - (JSC::DFG::ByteCodeParser::getLocal): - (JSC::DFG::ByteCodeParser::getArgument): - (JSC::DFG::ByteCodeParser::flushArgument): - (JSC::DFG::ByteCodeParser::toInt32): - (JSC::DFG::ByteCodeParser::isJSConstant): - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::processPhiStack): - (JSC::DFG::ByteCodeParser::linkBlock): - * dfg/DFGCFAPhase.cpp: - (JSC::DFG::CFAPhase::performBlockCFA): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::canonicalize): - (JSC::DFG::CSEPhase::endIndexForPureCSE): - (JSC::DFG::CSEPhase::pureCSE): - (JSC::DFG::CSEPhase::byValIsPure): - (JSC::DFG::CSEPhase::clobbersWorld): - (JSC::DFG::CSEPhase::impureCSE): - (JSC::DFG::CSEPhase::globalVarLoadElimination): - (JSC::DFG::CSEPhase::getByValLoadElimination): - (JSC::DFG::CSEPhase::checkFunctionElimination): - (JSC::DFG::CSEPhase::checkStructureLoadElimination): - (JSC::DFG::CSEPhase::getByOffsetLoadElimination): - (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getScopeChainLoadElimination): - (JSC::DFG::CSEPhase::performNodeCSE): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - (DFG): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::addShouldSpeculateInteger): - (JSC::DFG::Graph::negateShouldSpeculateInteger): - (JSC::DFG::Graph::methodOfGettingAValueProfileFor): - * dfg/DFGNode.cpp: Removed. - * dfg/DFGNode.h: - (DFG): - (JSC::DFG::Node::Node): - (Node): - (JSC::DFG::Node::op): - (JSC::DFG::Node::flags): - (JSC::DFG::Node::setOp): - (JSC::DFG::Node::setFlags): - (JSC::DFG::Node::mergeFlags): - (JSC::DFG::Node::filterFlags): - (JSC::DFG::Node::clearFlags): - (JSC::DFG::Node::setOpAndDefaultFlags): - (JSC::DFG::Node::mustGenerate): - (JSC::DFG::Node::isConstant): - (JSC::DFG::Node::isWeakConstant): - (JSC::DFG::Node::valueOfJSConstant): - (JSC::DFG::Node::hasVariableAccessData): - (JSC::DFG::Node::hasIdentifier): - (JSC::DFG::Node::resolveGlobalDataIndex): - (JSC::DFG::Node::hasArithNodeFlags): - (JSC::DFG::Node::arithNodeFlags): - (JSC::DFG::Node::setArithNodeFlag): - (JSC::DFG::Node::mergeArithNodeFlags): - (JSC::DFG::Node::hasConstantBuffer): - (JSC::DFG::Node::hasRegexpIndex): - (JSC::DFG::Node::hasVarNumber): - (JSC::DFG::Node::hasScopeChainDepth): - (JSC::DFG::Node::hasResult): - (JSC::DFG::Node::hasInt32Result): - (JSC::DFG::Node::hasNumberResult): - (JSC::DFG::Node::hasJSResult): - (JSC::DFG::Node::hasBooleanResult): - (JSC::DFG::Node::isJump): - (JSC::DFG::Node::isBranch): - (JSC::DFG::Node::isTerminal): - (JSC::DFG::Node::hasHeapPrediction): - (JSC::DFG::Node::hasFunctionCheckData): - (JSC::DFG::Node::hasStructureTransitionData): - (JSC::DFG::Node::hasStructureSet): - (JSC::DFG::Node::hasStorageAccessData): - (JSC::DFG::Node::hasFunctionDeclIndex): - (JSC::DFG::Node::hasFunctionExprIndex): - (JSC::DFG::Node::child1): - (JSC::DFG::Node::child2): - (JSC::DFG::Node::child3): - (JSC::DFG::Node::firstChild): - (JSC::DFG::Node::numChildren): - * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp. - * dfg/DFGNodeFlags.h: Added. - (DFG): - (JSC::DFG::nodeUsedAsNumber): - (JSC::DFG::nodeCanTruncateInteger): - (JSC::DFG::nodeCanIgnoreNegativeZero): - (JSC::DFG::nodeMayOverflow): - (JSC::DFG::nodeCanSpeculateInteger): - * dfg/DFGNodeType.h: Added. - (DFG): - (JSC::DFG::defaultFlags): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::vote): - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): - (JSC::DFG::PredictionPropagationPhase::fixupNode): - * dfg/DFGRedundantPhiEliminationPhase.cpp: - (JSC::DFG::RedundantPhiEliminationPhase::run): - (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild): - (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::useChildren): - (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): - (JSC::DFG::SpeculativeJIT::compileMovHint): - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber): - (JSC::DFG::SpeculativeJIT::compileAdd): - (JSC::DFG::SpeculativeJIT::compare): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): - -2012-03-12 Laszlo Gombos - - Minor DataLog fixes - https://bugs.webkit.org/show_bug.cgi?id=80826 - - Reviewed by Andreas Kling. - - * bytecode/ExecutionCounter.cpp: - Do not include DataLog.h, it is not used. - - * jit/ExecutableAllocator.cpp: - Ditto. - - * wtf/DataLog.cpp: - (WTF::initializeLogFileOnce): - Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined. - - * wtf/HashTable.cpp: - Include DataLog as it is used. - -2012-03-12 SangGyu Lee - - Integer overflow check code in arithmetic operation in classic interpreter - https://bugs.webkit.org/show_bug.cgi?id=80465 - - Reviewed by Gavin Barraclough. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - -2012-03-12 Zeno Albisser - - [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863) - https://bugs.webkit.org/show_bug.cgi?id=80827 - - Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT. - - Reviewed by Simon Hausmann. - - * wtf/Platform.h: - -2012-03-12 Simon Hausmann - - Unreviewed prospective Qt/Mac build fix - - * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine - whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData - constructor. - -2012-03-12 Filip Pizlo - - All DFG nodes should have a mutable set of flags - https://bugs.webkit.org/show_bug.cgi?id=80779 - - - Reviewed by Gavin Barraclough. - - Got rid of NodeId, and placed all of the flags that distinguished NodeId - from NodeType into a separate Node::flags field. Combined what was previously - ArithNodeFlags into Node::flags. - - In the process of debugging, I found that the debug support in the virtual - register allocator was lacking, so I improved it. I also realized that the - virtual register allocator was assuming that the nodes in a basic block were - contiguous, which is no longer the case. So I fixed that. The fix also made - it natural to have more extreme assertions, so I added them. I suspect this - will make it easier to catch virtual register allocation bugs in the future. - - This is mostly performance neutral; if anything it looks like a slight - speed-up. - - This patch does leave some work for future refactorings; for example, Node::op - is unencapsulated. This was already the case, though now it feels even more - like it should be. I avoided doing that because this patch has already grown - way bigger than I wanted. - - Finally, this patch creates a DFGNode.cpp file and makes a slight effort to - move some unnecessarily inline stuff out of DFGNode.h. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGArithNodeFlagsInferencePhase.cpp: - (JSC::DFG::ArithNodeFlagsInferencePhase::propagate): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::addToGraph): - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleMinMax): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCFAPhase.cpp: - (JSC::DFG::CFAPhase::performBlockCFA): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::endIndexForPureCSE): - (JSC::DFG::CSEPhase::pureCSE): - (JSC::DFG::CSEPhase::clobbersWorld): - (JSC::DFG::CSEPhase::impureCSE): - (JSC::DFG::CSEPhase::setReplacement): - (JSC::DFG::CSEPhase::eliminate): - (JSC::DFG::CSEPhase::performNodeCSE): - (JSC::DFG::CSEPhase::performBlockCSE): - (CSEPhase): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::opName): - (JSC::DFG::Graph::dump): - (DFG): - * dfg/DFGNode.cpp: Added. - (DFG): - (JSC::DFG::arithNodeFlagsAsString): - * dfg/DFGNode.h: - (DFG): - (JSC::DFG::nodeUsedAsNumber): - (JSC::DFG::nodeCanTruncateInteger): - (JSC::DFG::nodeCanIgnoreNegativeZero): - (JSC::DFG::nodeMayOverflow): - (JSC::DFG::nodeCanSpeculateInteger): - (JSC::DFG::defaultFlags): - (JSC::DFG::Node::Node): - (Node): - (JSC::DFG::Node::setOpAndDefaultFlags): - (JSC::DFG::Node::mustGenerate): - (JSC::DFG::Node::arithNodeFlags): - (JSC::DFG::Node::setArithNodeFlag): - (JSC::DFG::Node::mergeArithNodeFlags): - (JSC::DFG::Node::hasResult): - (JSC::DFG::Node::hasInt32Result): - (JSC::DFG::Node::hasNumberResult): - (JSC::DFG::Node::hasJSResult): - (JSC::DFG::Node::hasBooleanResult): - (JSC::DFG::Node::isJump): - (JSC::DFG::Node::isBranch): - (JSC::DFG::Node::isTerminal): - (JSC::DFG::Node::child1): - (JSC::DFG::Node::child2): - (JSC::DFG::Node::child3): - (JSC::DFG::Node::firstChild): - (JSC::DFG::Node::numChildren): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::vote): - (JSC::DFG::PredictionPropagationPhase::fixupNode): - * dfg/DFGScoreBoard.h: - (ScoreBoard): - (JSC::DFG::ScoreBoard::~ScoreBoard): - (JSC::DFG::ScoreBoard::assertClear): - (JSC::DFG::ScoreBoard::use): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::useChildren): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): - -2012-03-10 Filip Pizlo - - LLInt should support JSVALUE64 - https://bugs.webkit.org/show_bug.cgi?id=79609 - - - Reviewed by Gavin Barraclough and Oliver Hunt. - - Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This - patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common - file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be - specialized for value representation. - - Also made some minor changes to offlineasm and the slow-paths. - - * llint/LLIntData.cpp: - (JSC::LLInt::Data::performAssertions): - * llint/LLIntEntrypoints.cpp: - * llint/LLIntSlowPaths.cpp: - (LLInt): - (JSC::LLInt::llint_trace_value): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::jitCompileAndSetHeuristics): - * llint/LLIntSlowPaths.h: - (LLInt): - (SlowPathReturnType): - (JSC::LLInt::SlowPathReturnType::SlowPathReturnType): - (JSC::LLInt::encodeResult): - * llint/LLIntThunks.cpp: - * llint/LowLevelInterpreter.asm: - * llint/LowLevelInterpreter32_64.asm: - * llint/LowLevelInterpreter64.asm: - * offlineasm/armv7.rb: - * offlineasm/asm.rb: - * offlineasm/ast.rb: - * offlineasm/backends.rb: - * offlineasm/instructions.rb: - * offlineasm/parser.rb: - * offlineasm/registers.rb: - * offlineasm/transform.rb: - * offlineasm/x86.rb: - * wtf/Platform.h: - -2012-03-10 Yong Li - - Web Worker crashes with WX_EXCLUSIVE - https://bugs.webkit.org/show_bug.cgi?id=80532 - - Let each JS global object own a meta allocator - for WX_EXCLUSIVE to avoid conflicts from Web Worker. - Also fix a mutex leak in MetaAllocator's dtor. - - Reviewed by Filip Pizlo. - - * jit/ExecutableAllocator.cpp: - (JSC::DemandExecutableAllocator::DemandExecutableAllocator): - (JSC::DemandExecutableAllocator::~DemandExecutableAllocator): - (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): - (DemandExecutableAllocator): - (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): - (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): - (JSC::DemandExecutableAllocator::allocateNewSpace): - (JSC::DemandExecutableAllocator::allocators): - (JSC::DemandExecutableAllocator::allocatorsMutex): - (JSC): - (JSC::ExecutableAllocator::initializeAllocator): - (JSC::ExecutableAllocator::ExecutableAllocator): - (JSC::ExecutableAllocator::underMemoryPressure): - (JSC::ExecutableAllocator::memoryPressureMultiplier): - (JSC::ExecutableAllocator::allocate): - (JSC::ExecutableAllocator::committedByteCount): - (JSC::ExecutableAllocator::dumpProfile): - * jit/ExecutableAllocator.h: - (JSC): - (ExecutableAllocator): - (JSC::ExecutableAllocator::allocator): - * wtf/MetaAllocator.h: - (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock. - * wtf/TCSpinLock.h: - (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations. - -2012-03-09 Gavin Barraclough - - Object.freeze broken on latest Nightly - https://bugs.webkit.org/show_bug.cgi?id=80577 - - Reviewed by Oliver Hunt. - - The problem here is that deleteProperty rejects deletion of prototype. - This is correct in most cases, however defineOwnPropery is presently - implemented internally to ensure the attributes change by deleting the - old property, and creating a new one. - - * runtime/JSFunction.cpp: - (JSC::JSFunction::deleteProperty): - - If deletePropery is called via defineOwnPropery, allow old prototype to be removed. - -2012-03-09 Gavin Barraclough - - Array.prototype.toLocaleString visits elements in wrong order under certain conditions - https://bugs.webkit.org/show_bug.cgi?id=80663 - - Reviewed by Michael Saboff. - - The bug here is actually that we're continuing to process the array after an exception - has been thrown, and that the second value throw is overriding the first. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToLocaleString): - -2012-03-09 Ryosuke Niwa - - WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html - https://bugs.webkit.org/show_bug.cgi?id=80080 - - Reviewed by Filip Pizlo. - - * bytecode/SamplingTool.cpp: - (JSC::SamplingRegion::Locker::Locker): - (JSC::SamplingRegion::Locker::~Locker): - * bytecode/SamplingTool.h: - (JSC::SamplingRegion::exchangeCurrent): - * wtf/Atomics.h: - (WTF): - (WTF::weakCompareAndSwap): - (WTF::weakCompareAndSwapUIntPtr): - -2012-03-09 Gavin Barraclough - - REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN - https://bugs.webkit.org/show_bug.cgi?id=49989 - - Reviewed by Oliver Hunt. - - Patch originally by chris reiss , - allow the year to appear before the timezone in date strings. - - * wtf/DateMath.cpp: - (WTF::parseDateFromNullTerminatedCharacters): - -2012-03-09 Mark Rowe - - Ensure that the WTF headers are copied at installhdrs time. - - Reviewed by Dan Bernstein and Jessie Berlin. - - * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES - so that our script phases are invoked at installhdrs time. The only one that - does any useful work at that time is the one that installs WTF headers. - -2012-03-09 Jon Lee - - Add support for ENABLE(LEGACY_NOTIFICATIONS) - https://bugs.webkit.org/show_bug.cgi?id=80497 - - Reviewed by Adam Barth. - - Prep for b80472: Update API for Web Notifications - * Configurations/FeatureDefines.xcconfig: - -2012-03-09 Ashod Nakashian - - Bash scripts should support LF endings only - https://bugs.webkit.org/show_bug.cgi?id=79509 - - Reviewed by David Kilzer. - - * gyp/generate-derived-sources.sh: Added property svn:eol-style. - * gyp/run-if-exists.sh: Added property svn:eol-style. - * gyp/update-info-plist.sh: Added property svn:eol-style. - -2012-03-09 Jessie Berlin - - Windows debug build fix. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::shouldBlind): - Fix unreachable code warnings (which we treat as errors). - -2012-03-09 Thouraya ANDOLSI - - Reviewed by Zoltan Herczeg. - - [Qt] Fix the SH4 build after r109834 - https://bugs.webkit.org/show_bug.cgi?id=80492 - - * assembler/MacroAssemblerSH4.h: - (JSC::MacroAssemblerSH4::branchAdd32): - (JSC::MacroAssemblerSH4::branchSub32): - -2012-03-09 Andy Wingo - - Refactor code feature analysis in the parser - https://bugs.webkit.org/show_bug.cgi?id=79112 - - Reviewed by Geoffrey Garen. - - This commit refactors the parser to more uniformly propagate flag - bits down and up the parse process, as the parser descends and - returns into nested blocks. Some flags get passed town to - subscopes, some apply to specific scopes only, and some get - unioned up after parsing subscopes. - - The goal is to eventually be very precise with scoping - information, once we have block scopes: one block scope might use - `eval', which would require the emission of a symbol table within - that block and containing blocks, whereas another block in the - same function might not, allowing us to not emit a symbol table. - - * parser/Nodes.h: - (JSC::ScopeFlags): Rename from CodeFeatures. - (JSC::ScopeNode::addScopeFlags): - (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags. - (JSC::ScopeNode::isStrictMode): - (JSC::ScopeNode::usesEval): - (JSC::ScopeNode::usesArguments): - (JSC::ScopeNode::setUsesArguments): - (JSC::ScopeNode::usesThis): - (JSC::ScopeNode::needsActivationForMoreThanVariables): - (JSC::ScopeNode::needsActivation): Refactor these accessors to - operate on the m_scopeFlags member. - (JSC::ScopeNode::source): - (JSC::ScopeNode::sourceURL): - (JSC::ScopeNode::sourceID): Shuffle these definitions around; no - semantic change. - (JSC::ScopeNode::ScopeNode) - (JSC::ProgramNode::ProgramNode) - (JSC::EvalNode::EvalNode) - (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors - take a ScopeFlags as an argument, instead of a bool inStrictContext. - - * parser/Nodes.cpp: - (JSC::ScopeNode::ScopeNode): - (JSC::ProgramNode::ProgramNode): - (JSC::ProgramNode::create): - (JSC::EvalNode::EvalNode): - (JSC::EvalNode::create): - (JSC::FunctionBodyNode::FunctionBodyNode): - (JSC::FunctionBodyNode::create): Adapt constructors to change. - - * parser/ASTBuilder.h: - (JSC::ASTBuilder::ASTBuilder): - (JSC::ASTBuilder::thisExpr): - (JSC::ASTBuilder::createResolve): - (JSC::ASTBuilder::createFunctionBody): - (JSC::ASTBuilder::createFuncDeclStatement): - (JSC::ASTBuilder::createTryStatement): - (JSC::ASTBuilder::createWithStatement): - (JSC::ASTBuilder::addVar): - (JSC::ASTBuilder::Scope::Scope): - (Scope): - (ASTBuilder): - (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope - features here. Instead rely on the base Parser mechanism to track - features. - - * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags". - - * parser/Parser.h: - (JSC::Scope::Scope): Manage scope through flags, not - bit-booleans. This lets us uniformly propagate them up and down. - (JSC::Scope::declareWrite): - (JSC::Scope::declareParameter): - (JSC::Scope::useVariable): - (JSC::Scope::collectFreeVariables): - (JSC::Scope::getCapturedVariables): - (JSC::Scope::saveFunctionInfo): - (JSC::Scope::restoreFunctionInfo): - (JSC::Parser::pushScope): Adapt to use scope flags and their - accessors instead of bit-booleans. - * parser/Parser.cpp: - (JSC::::Parser): - (JSC::::parseInner): - (JSC::::didFinishParsing): - (JSC::::parseSourceElements): - (JSC::::parseVarDeclarationList): - (JSC::::parseConstDeclarationList): - (JSC::::parseWithStatement): - (JSC::::parseTryStatement): - (JSC::::parseFunctionBody): - (JSC::::parseFunctionInfo): - (JSC::::parseFunctionDeclaration): - (JSC::::parsePrimaryExpression): Hoist some of the flag handling - out of the "context" (ASTBuilder or SyntaxChecker) and to here. - Does not seem to have a performance impact. - - * parser/SourceProviderCacheItem.h (SourceProviderCacheItem): - Cache the scopeflags. - * parser/SyntaxChecker.h: Remove evalCount() decl. - - * runtime/Executable.cpp: - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::produceCodeBlockFor): - * runtime/Executable.h: - (JSC::ScriptExecutable::ScriptExecutable): - (JSC::ScriptExecutable::usesEval): - (JSC::ScriptExecutable::usesArguments): - (JSC::ScriptExecutable::needsActivation): - (JSC::ScriptExecutable::isStrictMode): - (JSC::ScriptExecutable::recordParse): - (ScriptExecutable): ScopeFlags, not features. - -2012-03-08 Benjamin Poulain - - Build fix for MSVC after r110266 - - Unreviewed. A #ifdef for MSVC was left over in r110266. - - * runtime/RegExpObject.h: - (RegExpObject): - -2012-03-08 Benjamin Poulain - - Allocate the RegExpObject's data with the Cell - https://bugs.webkit.org/show_bug.cgi?id=80654 - - Reviewed by Gavin Barraclough. - - This patch removes the creation of RegExpObject's data to avoid the overhead - create by the allocation and destruction. - - We RegExp are created repeatedly, this provides some performance improvment. - The PeaceKeeper test stringDetectBrowser improves by 10%. - - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::RegExpObject): - (JSC::RegExpObject::visitChildren): - (JSC::RegExpObject::getOwnPropertyDescriptor): - (JSC::RegExpObject::defineOwnProperty): - (JSC::RegExpObject::match): - * runtime/RegExpObject.h: - (JSC::RegExpObject::setRegExp): - (JSC::RegExpObject::regExp): - (JSC::RegExpObject::setLastIndex): - (JSC::RegExpObject::getLastIndex): - (RegExpObject): - -2012-03-08 Steve Falkenburg - - Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build - https://bugs.webkit.org/show_bug.cgi?id=80657 - - Preparation for WTF separation from JavaScriptCore. - The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct - dependencies for generated files. - - This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization - versions of the WTF code independent of the JavaScriptCore code. - - Reviewed by Jessie Berlin. - - * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts. - * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts. - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts. - * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed. - * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects. - * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF. - * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make. - * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj. - * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops. - * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops. - * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed. - * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh. - * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd. - * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py. - -2012-03-08 Benjamin Poulain - - Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf - https://bugs.webkit.org/show_bug.cgi?id=80652 - - Reviewed by Eric Seidel. - - Fix the header, URLSegments.h is not part of the API. - - * wtf/url/api/ParsedURL.h: - -2012-03-08 Ryosuke Niwa - - Mac build fix for micro data API. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-08 Gavin Barraclough - - String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10 - https://bugs.webkit.org/show_bug.cgi?id=26890 - - Reviewed by Oliver Hunt. - - Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i. - - * runtime/StringPrototype.cpp: - (JSC::replaceUsingRegExpSearch): - (JSC::stringProtoFuncMatch): - - added calls to setLastIndex. - -2012-03-08 Matt Lilek - - Don't enable VIDEO_TRACK on all OS X platforms - https://bugs.webkit.org/show_bug.cgi?id=80635 - - Reviewed by Eric Carlson. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-08 Oliver Hunt - - Build fix. That day is not today. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::shouldBlind): - * assembler/MacroAssemblerX86Common.h: - (MacroAssemblerX86Common): - (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch): - -2012-03-08 Oliver Hunt - - Build fix. One of these days I'll manage to commit something that works everywhere. - - * assembler/AbstractMacroAssembler.h: - (AbstractMacroAssembler): - * assembler/MacroAssemblerARMv7.h: - (MacroAssemblerARMv7): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch): - (MacroAssemblerX86Common): - -2012-03-08 Chao-ying Fu - - Update MIPS patchOffsetGetByIdSlowCaseCall - https://bugs.webkit.org/show_bug.cgi?id=80302 - - Reviewed by Oliver Hunt. - - * jit/JIT.h: - (JIT): - -2012-03-08 Oliver Hunt - - Missing some places where we should be blinding 64bit values (and blinding something we shouldn't) - https://bugs.webkit.org/show_bug.cgi?id=80633 - - Reviewed by Gavin Barraclough. - - Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind - if there isn't a machine specific implementation (otherwise the 64bit value - got truncated and 32bit checks were used -- leaving 32bits untested). - Also add a bit of logic to ensure that we don't try to blind a few common - constants that go through the ImmPtr paths -- encoded numeric JSValues and - unencoded doubles with common "safe" values. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch): - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::shouldBlindDouble): - (MacroAssembler): - (JSC::MacroAssembler::shouldBlind): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch): - -2012-03-08 Mark Rowe - - Ensure that the staged frameworks path is in the search path for JavaScriptCore - - Reviewed by Dan Bernstein. - - * Configurations/Base.xcconfig: - -2012-03-08 Steve Falkenburg - - Fix line endings for copy-files.cmd. - - If a cmd file doesn't have Windows line endings, it doesn't work properly. - In this case, the label :clean wasn't found, breaking the clean build. - - Reviewed by Jessie Berlin. - - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - -2012-03-07 Filip Pizlo - - DFG CFA incorrectly handles ValueToInt32 - https://bugs.webkit.org/show_bug.cgi?id=80568 - - Reviewed by Gavin Barraclough. - - Changed it match exactly the decision pattern used in - DFG::SpeculativeJIT::compileValueToInt32 - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - -2012-03-08 Viatcheslav Ostapenko - - [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared - https://bugs.webkit.org/show_bug.cgi?id=80524 - - Reviewed by Simon Hausmann. - - Move IdentifierTable methods defintion to WTFThreadData.cpp to fix linking - of WTF library. - - * runtime/Identifier.cpp: - * wtf/WTFThreadData.cpp: - (JSC): - (JSC::IdentifierTable::~IdentifierTable): - (JSC::IdentifierTable::add): - -2012-03-08 Filip Pizlo - - DFG instruction count threshold should be lifted to 10000 - https://bugs.webkit.org/show_bug.cgi?id=80579 - - Reviewed by Gavin Barraclough. - - * runtime/Options.cpp: - (JSC::Options::initializeOptions): - -2012-03-07 Filip Pizlo - - Incorrect tracking of abstract values of variables forced double - https://bugs.webkit.org/show_bug.cgi?id=80566 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::mergeStateAtTail): - -2012-03-07 Chao-yng Fu - - [Qt] Fix the MIPS/SH4 build after r109834 - https://bugs.webkit.org/show_bug.cgi?id=80492 - - Reviewed by Oliver Hunt. - - Implement three-argument branch(Add,Sub)32. - - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::add32): - (MacroAssemblerMIPS): - (JSC::MacroAssemblerMIPS::sub32): - (JSC::MacroAssemblerMIPS::branchAdd32): - (JSC::MacroAssemblerMIPS::branchSub32): - -2012-03-07 Sheriff Bot - - Unreviewed, rolling out r110127. - http://trac.webkit.org/changeset/110127 - https://bugs.webkit.org/show_bug.cgi?id=80562 - - compile failed on AppleWin (Requested by ukai on #webkit). - - * heap/Heap.cpp: - (JSC::Heap::collectAllGarbage): - * heap/Heap.h: - (JSC): - (Heap): - * runtime/Executable.cpp: - (JSC::FunctionExecutable::FunctionExecutable): - (JSC::FunctionExecutable::finalize): - * runtime/Executable.h: - (FunctionExecutable): - (JSC::FunctionExecutable::create): - * runtime/JSGlobalData.cpp: - (WTF): - (Recompiler): - (WTF::Recompiler::operator()): - (JSC::JSGlobalData::recompileAllJSFunctions): - (JSC): - * runtime/JSGlobalData.h: - (JSGlobalData): - * runtime/JSGlobalObject.cpp: - (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): - -2012-03-07 Hojong Han - - The end atom of the marked block considered to filter invalid cells - https://bugs.webkit.org/show_bug.cgi?id=79191 - - Reviewed by Geoffrey Garen. - - Register file could have stale pointers beyond the end atom of marked block. - Those pointers can weasel out of filtering in-middle-of-cell pointer. - - * heap/MarkedBlock.h: - (JSC::MarkedBlock::isLiveCell): - -2012-03-07 Jessie Berlin - - Clean Windows build fails after r110033 - https://bugs.webkit.org/show_bug.cgi?id=80553 - - Rubber-stamped by Jon Honeycutt and Eric Seidel. - - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - Place the implementation files next to their header files in the wtf/text subdirectory. - Use echo -F to tell xcopy that these are files (since there is apparently no flag). - * JavaScriptCore.vcproj/jsc/jsc.vcproj: - Update the path to those implementation files. - * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: - Ditto. - -2012-03-07 Yuqiang Xian - - Eliminate redundant Phis in DFG - https://bugs.webkit.org/show_bug.cgi?id=80415 - - Reviewed by Filip Pizlo. - - Although this may not have any advantage at current stage, this is towards - minimal SSA to make more high level optimizations (like bug 76770) easier. - We have the choices either to build minimal SSA from scratch or to - keep current simple Phi insertion mechanism and remove the redundancy - in another phase. Currently we choose the latter because the change - could be smaller. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGRedundantPhiEliminationPhase.cpp: Added. - (DFG): - (RedundantPhiEliminationPhase): - (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase): - (JSC::DFG::RedundantPhiEliminationPhase::run): - (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement): - (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild): - (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis): - (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation): - (JSC::DFG::performRedundantPhiElimination): - * dfg/DFGRedundantPhiEliminationPhase.h: Added. - (DFG): - -2012-03-07 Mark Hahnenberg - - Refactor recompileAllJSFunctions() to be less expensive - https://bugs.webkit.org/show_bug.cgi?id=80330 - - Reviewed by Geoffrey Garen. - - This change is performance neutral on the JS benchmarks we track. It's mostly to improve page - load performance, which currently does at least a couple full GCs per navigation. - - * heap/Heap.cpp: - (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode - because the function doesn't actually recompile anything (and never did); it simply throws code - away for it to be recompiled later if we determine we should do so. - (JSC): - (JSC::Heap::collectAllGarbage): - (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list. - (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list. - * heap/Heap.h: - (JSC): - (Heap): - * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can - be used in DoublyLinkedLists. - (JSC::FunctionExecutable::FunctionExecutable): - (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list. - * runtime/Executable.h: - (FunctionExecutable): - (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list. - * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage - the list of FunctionExecutables. - * runtime/JSGlobalData.h: - (JSGlobalData): - * runtime/JSGlobalObject.cpp: - (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode. - -2012-03-06 Oliver Hunt - - Further harden 64-bit JIT - https://bugs.webkit.org/show_bug.cgi?id=80457 - - Reviewed by Filip Pizlo. - - This patch implements blinding for ImmPtr. Rather than xor based blinding - we perform randomised pointer rotations in order to avoid the significant - cost in executable memory that would otherwise be necessary (and to avoid - the need for an additional scratch register in some cases). - - As with the prior blinding patch there's a moderate amount of noise as we - correct the use of ImmPtr vs. TrustedImmPtr. - - * assembler/AbstractMacroAssembler.h: - (ImmPtr): - (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr): - * assembler/MacroAssembler.h: - (MacroAssembler): - (JSC::MacroAssembler::storePtr): - (JSC::MacroAssembler::branchPtr): - (JSC::MacroAssembler::shouldBlind): - (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr): - (RotatedImmPtr): - (JSC::MacroAssembler::rotationBlindConstant): - (JSC::MacroAssembler::loadRotationBlindedConstant): - (JSC::MacroAssembler::convertInt32ToDouble): - (JSC::MacroAssembler::move): - (JSC::MacroAssembler::poke): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::storeDouble): - (JSC::MacroAssemblerARMv7::branchAdd32): - * assembler/MacroAssemblerX86_64.h: - (MacroAssemblerX86_64): - (JSC::MacroAssemblerX86_64::rotateRightPtr): - (JSC::MacroAssemblerX86_64::xorPtr): - * assembler/X86Assembler.h: - (X86Assembler): - (JSC::X86Assembler::xorq_rm): - (JSC::X86Assembler::rorq_i8r): - * dfg/DFGCCallHelpers.h: - (CCallHelpers): - (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::createOSREntries): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::silentFillGPR): - (JSC::DFG::SpeculativeJIT::callOperation): - (JSC::DFG::SpeculativeJIT::emitEdgeCode): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::fillInteger): - (JSC::DFG::SpeculativeJIT::fillDouble): - (JSC::DFG::SpeculativeJIT::fillJSValue): - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitBranch): - * jit/JIT.cpp: - (JSC::JIT::emitOptimizationCheck): - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emitSlow_op_post_inc): - * jit/JITInlineMethods.h: - (JSC::JIT::emitValueProfilingSite): - (JSC::JIT::emitGetVirtualRegister): - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_mov): - (JSC::JIT::emit_op_new_object): - (JSC::JIT::emit_op_strcat): - (JSC::JIT::emit_op_ensure_property_exists): - (JSC::JIT::emit_op_resolve_skip): - (JSC::JIT::emitSlow_op_resolve_global): - (JSC::JIT::emit_op_resolve_with_base): - (JSC::JIT::emit_op_resolve_with_this): - (JSC::JIT::emit_op_jmp_scopes): - (JSC::JIT::emit_op_switch_imm): - (JSC::JIT::emit_op_switch_char): - (JSC::JIT::emit_op_switch_string): - (JSC::JIT::emit_op_throw_reference_error): - (JSC::JIT::emit_op_debug): - (JSC::JIT::emitSlow_op_resolve_global_dynamic): - (JSC::JIT::emit_op_new_array): - (JSC::JIT::emitSlow_op_new_array): - (JSC::JIT::emit_op_new_array_buffer): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_new_object): - (JSC::JIT::emit_op_strcat): - (JSC::JIT::emit_op_ensure_property_exists): - (JSC::JIT::emit_op_resolve_skip): - (JSC::JIT::emitSlow_op_resolve_global): - (JSC::JIT::emit_op_resolve_with_base): - (JSC::JIT::emit_op_resolve_with_this): - (JSC::JIT::emit_op_jmp_scopes): - (JSC::JIT::emit_op_switch_imm): - (JSC::JIT::emit_op_switch_char): - (JSC::JIT::emit_op_switch_string): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::emit_op_put_by_index): - * jit/JITStubCall.h: - (JITStubCall): - (JSC::JITStubCall::addArgument): - -2012-03-07 Simon Hausmann - - ARM build fix. - - Reviewed by Zoltan Herczeg. - - Implement three-argument branch(Add,Sub)32. - - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::add32): - (MacroAssemblerARM): - (JSC::MacroAssemblerARM::sub32): - (JSC::MacroAssemblerARM::branchAdd32): - (JSC::MacroAssemblerARM::branchSub32): - -2012-03-07 Andy Wingo - - Parser: Inline ScopeNodeData into ScopeNode - https://bugs.webkit.org/show_bug.cgi?id=79776 - - Reviewed by Geoffrey Garen. - - It used to be that some ScopeNode members were kept in a separate - structure because sometimes they wouldn't be needed, and - allocating a ParserArena was expensive. This patch makes - ParserArena lazily allocate its IdentifierArena, allowing the - members to be included directly, which is simpler and easier to - reason about. - - * parser/ParserArena.cpp: - (JSC::ParserArena::ParserArena): - (JSC::ParserArena::reset): - (JSC::ParserArena::isEmpty): - * parser/ParserArena.h: - (JSC::ParserArena::identifierArena): Lazily allocate the - IdentifierArena. - - * parser/Nodes.cpp: - (JSC::ScopeNode::ScopeNode): - (JSC::ScopeNode::singleStatement): - (JSC::ProgramNode::create): - (JSC::EvalNode::create): - (JSC::FunctionBodyNode::create): - * parser/Nodes.h: - (JSC::ScopeNode::destroyData): - (JSC::ScopeNode::needsActivationForMoreThanVariables): - (JSC::ScopeNode::needsActivation): - (JSC::ScopeNode::hasCapturedVariables): - (JSC::ScopeNode::capturedVariableCount): - (JSC::ScopeNode::captures): - (JSC::ScopeNode::varStack): - (JSC::ScopeNode::functionStack): - (JSC::ScopeNode::neededConstants): - (ScopeNode): - * bytecompiler/NodesCodegen.cpp: - (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData - into ScopeNode. Adapt accessors. - -2012-03-06 Eric Seidel - - Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf - https://bugs.webkit.org/show_bug.cgi?id=80363 - - Reviewed by Mark Rowe. - - Historically WTF has been part of JavaScriptCore, and on Mac and Windows - its headers have appeared as part of the "private" headers exported by - JavaScriptCore. All of the WTF headers there are "flattened" into a single - private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders" - to re-map fully-qualified includes to simple includes. - - However, very soon, we are moving the WTF source code out of JavaScriptCore into its - own directory and project. As part of such, the WTF headers will no longer be part of - the JavaScriptCore private interfaces. - In preparation for that, this change makes both the Mac and Win builds export - WTF headers in a non-flattened manner. On Mac, that means into usr/local/include/wtf - (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories). - - There are 5 parts to this change. - 1. Updates the JavaScriptCore XCode and VCProj files to actually install these headers - (and header directories) into the appropriate places in the build directory. - 2. Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location - (WebCore, WebKit, etc. had already been taught to look in previous patches). - 3. Fixes all JavaScriptCore source files, and WTF headers to include WTF headers - using fully qualified paths. - 4. Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location. - 5. Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist. - - Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependant. - It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF - headers, those will have to be updated to use after this change. - I've discussed this proposed change at length with Mark Rowe, and my understanding is they - are ready for (and interested in) this change happening. - - * API/tests/JSNode.c: - * API/tests/JSNodeList.c: - * Configurations/Base.xcconfig: - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - * JavaScriptCore.xcodeproj/project.pbxproj: - * assembler/MacroAssemblerCodeRef.h: - * bytecompiler/BytecodeGenerator.h: - * dfg/DFGOperations.cpp: - * heap/GCAssertions.h: - * heap/HandleHeap.h: - * heap/HandleStack.h: - * heap/MarkedSpace.h: - * heap/PassWeak.h: - * heap/Strong.h: - * heap/Weak.h: - * jit/HostCallReturnValue.cpp: - * jit/JIT.cpp: - * jit/JITStubs.cpp: - * jit/ThunkGenerators.cpp: - * parser/Lexer.cpp: - * runtime/Completion.cpp: - * runtime/Executable.cpp: - * runtime/Identifier.h: - * runtime/InitializeThreading.cpp: - * runtime/JSDateMath.cpp: - * runtime/JSGlobalObjectFunctions.cpp: - * runtime/JSStringBuilder.h: - * runtime/JSVariableObject.h: - * runtime/NumberPrototype.cpp: - * runtime/WriteBarrier.h: - * tools/CodeProfile.cpp: - * tools/TieredMMapArray.h: - * wtf/AVLTree.h: - * wtf/Alignment.h: - * wtf/AlwaysInline.h: - * wtf/ArrayBufferView.h: - * wtf/Assertions.h: - * wtf/Atomics.h: - * wtf/Bitmap.h: - * wtf/BoundsCheckedPointer.h: - * wtf/CheckedArithmetic.h: - * wtf/Deque.h: - * wtf/ExportMacros.h: - * wtf/FastAllocBase.h: - * wtf/FastMalloc.h: - * wtf/Float32Array.h: - * wtf/Float64Array.h: - * wtf/Functional.h: - * wtf/HashCountedSet.h: - * wtf/HashFunctions.h: - * wtf/HashMap.h: - * wtf/HashSet.h: - * wtf/HashTable.h: - * wtf/HashTraits.h: - * wtf/Int16Array.h: - * wtf/Int32Array.h: - * wtf/Int8Array.h: - * wtf/IntegralTypedArrayBase.h: - * wtf/ListHashSet.h: - * wtf/MainThread.h: - * wtf/MetaAllocator.h: - * wtf/Noncopyable.h: - * wtf/OwnArrayPtr.h: - * wtf/OwnPtr.h: - * wtf/PackedIntVector.h: - * wtf/ParallelJobs.h: - * wtf/PassOwnArrayPtr.h: - * wtf/PassOwnPtr.h: - * wtf/PassRefPtr.h: - * wtf/PassTraits.h: - * wtf/Platform.h: - * wtf/PossiblyNull.h: - * wtf/RefCounted.h: - * wtf/RefCountedLeakCounter.h: - * wtf/RefPtr.h: - * wtf/RetainPtr.h: - * wtf/SimpleStats.h: - * wtf/Spectrum.h: - * wtf/StdLibExtras.h: - * wtf/TCPageMap.h: - * wtf/TemporaryChange.h: - * wtf/ThreadSafeRefCounted.h: - * wtf/Threading.h: - * wtf/ThreadingPrimitives.h: - * wtf/TypeTraits.h: - * wtf/TypedArrayBase.h: - * wtf/Uint16Array.h: - * wtf/Uint32Array.h: - * wtf/Uint8Array.h: - * wtf/Uint8ClampedArray.h: - * wtf/UnusedParam.h: - * wtf/Vector.h: - * wtf/VectorTraits.h: - * wtf/dtoa/double-conversion.h: - * wtf/dtoa/utils.h: - * wtf/gobject/GRefPtr.h: - * wtf/gobject/GlibUtilities.h: - * wtf/text/AtomicString.h: - * wtf/text/AtomicStringImpl.h: - * wtf/text/CString.h: - * wtf/text/StringConcatenate.h: - * wtf/text/StringHash.h: - * wtf/text/WTFString.h: - * wtf/unicode/CharacterNames.h: - * wtf/unicode/UTF8.h: - * wtf/unicode/glib/UnicodeGLib.h: - * wtf/unicode/qt4/UnicodeQt4.h: - * wtf/unicode/wince/UnicodeWinCE.h: - * wtf/url/api/ParsedURL.h: - * wtf/url/api/URLString.h: - * wtf/wince/FastMallocWinCE.h: - * yarr/YarrJIT.cpp: - -2012-03-06 Gavin Barraclough - - Array.prototype functions should throw if delete fails - https://bugs.webkit.org/show_bug.cgi?id=80467 - - Reviewed by Oliver Hunt. - - All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw. - In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations - in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines, - one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift - routines, for handling arrays with holes. These three copies should be unified. - - * runtime/ArrayPrototype.cpp: - (JSC::shift): - (JSC::unshift): - - Added - shared copies of the shift/unshift functionality. - (JSC::arrayProtoFuncPop): - - should throw if the delete fails. - (JSC::arrayProtoFuncReverse): - - should throw if the delete fails. - (JSC::arrayProtoFuncShift): - (JSC::arrayProtoFuncSplice): - (JSC::arrayProtoFuncUnShift): - - use shift/unshift. - * runtime/JSArray.cpp: - (JSC::JSArray::shiftCount): - (JSC::JSArray::unshiftCount): - - Don't try to handle arrays with holes; return a value indicating - the generic routine should be used instead. - * runtime/JSArray.h: - - declaration for shiftCount/unshiftCount changed. - * tests/mozilla/js1_6/Array/regress-304828.js: - - this was asserting incorrect behaviour. - -2012-03-06 Raphael Kubo da Costa - - [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7. - https://bugs.webkit.org/show_bug.cgi?id=80469 - - Reviewed by Antonio Gomes. - - * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target - property on the library being created. - -2012-03-06 Yuqiang Xian - - DFG BasicBlock should group the Phi nodes together and separate them - from the other nodes - https://bugs.webkit.org/show_bug.cgi?id=80361 - - Reviewed by Filip Pizlo. - - This would make it more efficient to remove the redundant Phi nodes or - insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure. - This is performance neutral on SunSpider, V8 and Kraken. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::clobberStructures): - (JSC::DFG::AbstractState::dump): - * dfg/DFGBasicBlock.h: - (JSC::DFG::BasicBlock::BasicBlock): - (BasicBlock): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::addToGraph): - (JSC::DFG::ByteCodeParser::insertPhiNode): - * dfg/DFGCFAPhase.cpp: - (JSC::DFG::CFAPhase::performBlockCFA): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::pureCSE): - (JSC::DFG::CSEPhase::impureCSE): - (JSC::DFG::CSEPhase::globalVarLoadElimination): - (JSC::DFG::CSEPhase::getByValLoadElimination): - (JSC::DFG::CSEPhase::checkFunctionElimination): - (JSC::DFG::CSEPhase::checkStructureLoadElimination): - (JSC::DFG::CSEPhase::getByOffsetLoadElimination): - (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getScopeChainLoadElimination): - (JSC::DFG::CSEPhase::performBlockCSE): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-03-06 Mark Hahnenberg - - GCActivityCallback timer should vary with the length of the previous GC - https://bugs.webkit.org/show_bug.cgi?id=80344 - - Reviewed by Geoffrey Garen. - - * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last - GC length so that the GC Activity Callback can use it. - (JSC::Heap::Heap): - (JSC::Heap::collect): - * heap/Heap.h: - (JSC::Heap::lastGCLength): - (Heap): - * runtime/GCActivityCallbackCF.cpp: - (JSC): - (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last - GC to determine the length of our timer trigger (currently set at 100x the duration - of the last GC). - -2012-03-06 Rob Buis - - BlackBerry] Fix cast-align gcc warnings when compiling JSC - https://bugs.webkit.org/show_bug.cgi?id=80420 - - Reviewed by Gavin Barraclough. - - Fix warnings given in Blackberry build. - - * heap/CopiedBlock.h: - (JSC::CopiedBlock::CopiedBlock): - * wtf/RefCountedArray.h: - (WTF::RefCountedArray::Header::fromPayload): - -2012-03-06 Gavin Barraclough - - writable/configurable not respected for some properties of Function/String/Arguments - https://bugs.webkit.org/show_bug.cgi?id=80436 - - Reviewed by Oliver Hunt. - - Special properties should behave like regular properties. - - * runtime/Arguments.cpp: - (JSC::Arguments::defineOwnProperty): - - Mis-nested logic for making read-only properties non-live. - * runtime/JSFunction.cpp: - (JSC::JSFunction::put): - - arguments/length/caller are non-writable, non-configurable - reject appropriately. - (JSC::JSFunction::deleteProperty): - - Attempting to delete prototype/caller should fail. - (JSC::JSFunction::defineOwnProperty): - - Ensure prototype is reified on attempt to reify it. - - arguments/length/caller are non-writable, non-configurable - reject appropriately. - * runtime/JSFunction.h: - - added declaration for defineOwnProperty. - (JSFunction): - * runtime/StringObject.cpp: - (JSC::StringObject::put): - - length is non-writable, non-configurable - reject appropriately. - -2012-03-06 Ulan Degenbaev - - TypedArray subarray call for subarray does not clamp the end index parameter properly - https://bugs.webkit.org/show_bug.cgi?id=80285 - - Reviewed by Kenneth Russell. - - * wtf/ArrayBufferView.h: - (WTF::ArrayBufferView::calculateOffsetAndLength): - -2012-03-06 Sheriff Bot - - Unreviewed, rolling out r109837. - http://trac.webkit.org/changeset/109837 - https://bugs.webkit.org/show_bug.cgi?id=80399 - - breaks Mac Productions builds, too late to try and fix it - tonight (Requested by eseidel on #webkit). - - * API/tests/JSNode.c: - * API/tests/JSNodeList.c: - * Configurations/Base.xcconfig: - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - * JavaScriptCore.xcodeproj/project.pbxproj: - * assembler/MacroAssemblerCodeRef.h: - * bytecompiler/BytecodeGenerator.h: - * dfg/DFGOperations.cpp: - * heap/GCAssertions.h: - * heap/HandleHeap.h: - * heap/HandleStack.h: - * heap/MarkedSpace.h: - * heap/PassWeak.h: - * heap/Strong.h: - * heap/Weak.h: - * jit/HostCallReturnValue.cpp: - * jit/JIT.cpp: - * jit/JITStubs.cpp: - * jit/ThunkGenerators.cpp: - * parser/Lexer.cpp: - * runtime/Completion.cpp: - * runtime/Executable.cpp: - * runtime/Identifier.h: - * runtime/InitializeThreading.cpp: - * runtime/JSDateMath.cpp: - * runtime/JSGlobalObjectFunctions.cpp: - * runtime/JSStringBuilder.h: - * runtime/JSVariableObject.h: - * runtime/NumberPrototype.cpp: - * runtime/WriteBarrier.h: - * tools/CodeProfile.cpp: - * tools/TieredMMapArray.h: - * yarr/YarrJIT.cpp: - -2012-03-06 Zoltan Herczeg - - [Qt][ARM] Speculative buildfix after r109834. - - Reviewed by Csaba Osztrogonác. - - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::and32): - (MacroAssemblerARM): - -2012-03-05 Gavin Barraclough - - Unreviewed windows build fix pt 2. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-05 Gavin Barraclough - - Unreviewed windows build fix pt 1. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-03-05 Gavin Barraclough - - putByIndex should throw in strict mode - https://bugs.webkit.org/show_bug.cgi?id=80335 - - Reviewed by Filip Pizlo. - - Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter. - - This is a largely mechanical change, simply adding an extra parameter to a number - of functions. Some call sites need perform additional exception checks, and - operationPutByValBeyondArrayBounds needs to know whether it is strict or not. - - This patch doesn't fix a missing throw from some cases of shift/unshift (this is - an existing bug), I'll follow up with a third patch to handle that. - - * API/JSObjectRef.cpp: - (JSObjectSetPropertyAtIndex): - * JSCTypedArrayStubs.h: - (JSC): - * dfg/DFGOperations.cpp: - (JSC::DFG::putByVal): - * dfg/DFGOperations.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jsc.cpp: - (GlobalObject::finishCreation): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - * runtime/Arguments.cpp: - (JSC::Arguments::putByIndex): - * runtime/Arguments.h: - (Arguments): - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncPush): - (JSC::arrayProtoFuncReverse): - (JSC::arrayProtoFuncShift): - (JSC::arrayProtoFuncSort): - (JSC::arrayProtoFuncSplice): - (JSC::arrayProtoFuncUnShift): - * runtime/ClassInfo.h: - (MethodTable): - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::put): - (JSC::JSArray::put): - (JSC::JSArray::putByIndex): - (JSC::JSArray::putByIndexBeyondVectorLength): - (JSC::JSArray::push): - (JSC::JSArray::shiftCount): - (JSC::JSArray::unshiftCount): - * runtime/JSArray.h: - (SparseArrayValueMap): - (JSArray): - * runtime/JSByteArray.cpp: - (JSC::JSByteArray::putByIndex): - * runtime/JSByteArray.h: - (JSByteArray): - * runtime/JSCell.cpp: - (JSC::JSCell::putByIndex): - * runtime/JSCell.h: - (JSCell): - * runtime/JSNotAnObject.cpp: - (JSC::JSNotAnObject::putByIndex): - * runtime/JSNotAnObject.h: - (JSNotAnObject): - * runtime/JSONObject.cpp: - (JSC::Walker::walk): - * runtime/JSObject.cpp: - (JSC::JSObject::putByIndex): - * runtime/JSObject.h: - (JSC::JSValue::putByIndex): - * runtime/RegExpConstructor.cpp: - (JSC::RegExpMatchesArray::fillArrayInstance): - * runtime/RegExpMatchesArray.h: - (JSC::RegExpMatchesArray::putByIndex): - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncSplit): - -2012-03-05 Yuqiang Xian - - PredictNone is incorrectly treated as isDoublePrediction - https://bugs.webkit.org/show_bug.cgi?id=80365 - - Reviewed by Filip Pizlo. - - Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction. - - * bytecode/PredictedType.h: - (JSC::isFixedIndexedStorageObjectPrediction): - (JSC::isDoublePrediction): - -2012-03-05 Filip Pizlo - - The LLInt should work even when the JIT is disabled - https://bugs.webkit.org/show_bug.cgi?id=80340 - - - Reviewed by Gavin Barraclough. - - * assembler/MacroAssemblerCodeRef.h: - (JSC::MacroAssemblerCodePtr::createLLIntCodePtr): - (MacroAssemblerCodeRef): - (JSC::MacroAssemblerCodeRef::createLLIntCodeRef): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::initialize): - (JSC::Interpreter::execute): - (JSC::Interpreter::executeCall): - (JSC::Interpreter::executeConstruct): - * jit/JIT.h: - (JSC::JIT::compileCTINativeCall): - * jit/JITStubs.h: - (JSC::JITThunks::ctiNativeCall): - (JSC::JITThunks::ctiNativeConstruct): - * llint/LLIntEntrypoints.cpp: - (JSC::LLInt::getFunctionEntrypoint): - (JSC::LLInt::getEvalEntrypoint): - (JSC::LLInt::getProgramEntrypoint): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (LLInt): - * llint/LLIntSlowPaths.h: - (LLInt): - * llint/LowLevelInterpreter.h: - * llint/LowLevelInterpreter32_64.asm: - * runtime/Executable.h: - (NativeExecutable): - (JSC::NativeExecutable::create): - (JSC::NativeExecutable::finishCreation): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - (JSGlobalData): - * runtime/Options.cpp: - (Options): - (JSC::Options::parse): - (JSC::Options::initializeOptions): - * runtime/Options.h: - (Options): - * wtf/Platform.h: - -2012-03-05 Yuqiang Xian - - Checks for dead variables are not sufficient when fixing the expected - values in DFG OSR entry - https://bugs.webkit.org/show_bug.cgi?id=80371 - - Reviewed by Filip Pizlo. - - A dead variable should be identified when there's no node referencing it. - But we currently failed to catch the case where there are some nodes - referencing a variable but those nodes are actually not referenced by - others so will be ignored in code generation. In such case we should - also consider that variable to be a dead variable in the block and fix - the expected values. - This is performance neutral on SunSpider, V8 and Kraken. - - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::noticeOSREntry): - -2012-03-05 Oliver Hunt - - Fix Qt build. - - * assembler/AbstractMacroAssembler.h: - * assembler/MacroAssembler.h: - (MacroAssembler): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileArithSub): - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emitSub32Constant): - -2012-03-05 Eric Seidel - - Update JavaScriptCore files to use fully-qualified WTF include paths - https://bugs.webkit.org/show_bug.cgi?id=79960 - - Reviewed by Adam Barth. - - This change does 5 small/related things: - 1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include - (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj - was not installing headers there.) - 2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their - header search path, as that's where the WTF headers will be installed. - 3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/* - in addition to the current behavior of flattening all headers to PrivateHeaders/*.h. - 4. Updates a bunch of JSC files to use #include instead of #include "Foo.h" - since soon the WTF headers will not be part of the JavaScriptCore Xcode project. - 5. Makes build-webkit build the WTF XCode project by default. - - * API/tests/JSNode.c: - * API/tests/JSNodeList.c: - * Configurations/Base.xcconfig: - * assembler/MacroAssemblerCodeRef.h: - * bytecompiler/BytecodeGenerator.h: - * dfg/DFGOperations.cpp: - * heap/GCAssertions.h: - * heap/HandleHeap.h: - * heap/HandleStack.h: - * heap/MarkedSpace.h: - * heap/PassWeak.h: - * heap/Strong.h: - * heap/Weak.h: - * jit/HostCallReturnValue.cpp: - * jit/JIT.cpp: - * jit/JITStubs.cpp: - * jit/ThunkGenerators.cpp: - * parser/Lexer.cpp: - * runtime/Completion.cpp: - * runtime/Executable.cpp: - * runtime/Identifier.h: - * runtime/InitializeThreading.cpp: - * runtime/JSDateMath.cpp: - * runtime/JSGlobalObjectFunctions.cpp: - * runtime/JSStringBuilder.h: - * runtime/JSVariableObject.h: - * runtime/NumberPrototype.cpp: - * runtime/WriteBarrier.h: - * tools/CodeProfile.cpp: - * tools/TieredMMapArray.h: - * yarr/YarrJIT.cpp: - -2012-03-05 Oliver Hunt - - Add basic support for constant blinding to the JIT - https://bugs.webkit.org/show_bug.cgi?id=80354 - - Reviewed by Filip Pizlo. - - This patch adds basic constant blinding support to the JIT, at the - MacroAssembler level. This means all JITs in JSC (Yarr, baseline, and DFG) - get constant blinding. Woo! - - This patch only introduces blinding for Imm32, a later patch will do similar - for ImmPtr. In order to make misuse of Imm32 as a trusted type essentially - impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit - accessor that's needed to access the actual value. This also means you cannot - accidentally pass an untrusted value to a function that does not perform - blinding. - - To make everything work sensibly, this patch also corrects some code that was using - Imm32 when TrustedImm32 could be used, and refactors a few callers that use - untrusted immediates, so that they call slightly different varaints of the functions - that they used previously. This is largely necessary to deal with x86-32 not having - sufficient registers to handle the additional work required when we choose to blind - a constant. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32): - (Imm32): - (JSC::AbstractMacroAssembler::beginUninterruptedSequence): - (JSC::AbstractMacroAssembler::endUninterruptedSequence): - (JSC::AbstractMacroAssembler::AbstractMacroAssembler): - (AbstractMacroAssembler): - (JSC::AbstractMacroAssembler::inUninterruptedSequence): - (JSC::AbstractMacroAssembler::random): - (JSC::AbstractMacroAssembler::scratchRegisterForBlinding): - (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch): - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::addressForPoke): - (MacroAssembler): - (JSC::MacroAssembler::poke): - (JSC::MacroAssembler::branchPtr): - (JSC::MacroAssembler::branch32): - (JSC::MacroAssembler::convertInt32ToDouble): - (JSC::MacroAssembler::shouldBlind): - (JSC::MacroAssembler::BlindedImm32::BlindedImm32): - (BlindedImm32): - (JSC::MacroAssembler::keyForConstant): - (JSC::MacroAssembler::xorBlindConstant): - (JSC::MacroAssembler::additionBlindedConstant): - (JSC::MacroAssembler::andBlindedConstant): - (JSC::MacroAssembler::orBlindedConstant): - (JSC::MacroAssembler::loadXorBlindedConstant): - (JSC::MacroAssembler::add32): - (JSC::MacroAssembler::addPtr): - (JSC::MacroAssembler::and32): - (JSC::MacroAssembler::andPtr): - (JSC::MacroAssembler::move): - (JSC::MacroAssembler::or32): - (JSC::MacroAssembler::store32): - (JSC::MacroAssembler::sub32): - (JSC::MacroAssembler::subPtr): - (JSC::MacroAssembler::xor32): - (JSC::MacroAssembler::branchAdd32): - (JSC::MacroAssembler::branchMul32): - (JSC::MacroAssembler::branchSub32): - (JSC::MacroAssembler::trustedImm32ForShift): - (JSC::MacroAssembler::lshift32): - (JSC::MacroAssembler::rshift32): - (JSC::MacroAssembler::urshift32): - * assembler/MacroAssemblerARMv7.h: - (MacroAssemblerARMv7): - (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding): - (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch): - * assembler/MacroAssemblerX86_64.h: - (JSC::MacroAssemblerX86_64::branchSubPtr): - (MacroAssemblerX86_64): - (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::linkOSRExits): - (JSC::DFG::JITCompiler::compileBody): - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::compileArithSub): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileDoubleCompare): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileDoubleCompare): - (JSC::DFG::SpeculativeJIT::compile): - * jit/JIT.cpp: - (JSC::JIT::privateCompileSlowCases): - (JSC::JIT::privateCompile): - * jit/JITArithmetic.cpp: - (JSC::JIT::compileBinaryArithOp): - (JSC::JIT::emit_op_add): - (JSC::JIT::emit_op_mul): - (JSC::JIT::emit_op_div): - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emitAdd32Constant): - (JSC::JIT::emitSub32Constant): - (JSC::JIT::emitBinaryDoubleOp): - (JSC::JIT::emitSlow_op_mul): - (JSC::JIT::emit_op_div): - * jit/JITCall.cpp: - (JSC::JIT::compileLoadVarargs): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileLoadVarargs): - * jit/JITInlineMethods.h: - (JSC::JIT::updateTopCallFrame): - (JSC::JIT::emitValueProfilingSite): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emitSlow_op_jfalse): - (JSC::JIT::emitSlow_op_jtrue): - * jit/JITStubCall.h: - (JITStubCall): - (JSC::JITStubCall::addArgument): - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::backtrack): - -2012-03-05 Gavin Barraclough - - putByIndex should throw in strict mode - https://bugs.webkit.org/show_bug.cgi?id=80335 - - Reviewed by Filip Pizlo. - - We'll need to pass an additional parameter. - - Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex() - to match the method in the MethodTable, make this take a parameter indicating - whether the put should throw. This fixes the cases where the base of the put - is a primitive. - - * dfg/DFGOperations.cpp: - (DFG): - (JSC::DFG::putByVal): - (JSC::DFG::operationPutByValInternal): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - * runtime/JSObject.h: - (JSC::JSValue::putByIndex): - * runtime/JSValue.cpp: - (JSC): - * runtime/JSValue.h: - (JSValue): - -2012-03-05 Sam Weinig - - Add support for hosting layers in the window server in WebKit2 - - https://bugs.webkit.org/show_bug.cgi?id=80310 - - Reviewed by Anders Carlsson. - - * wtf/Platform.h: - Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER. - -2012-03-05 Filip Pizlo - - Unreviewed, attempted build fix for !ENABLE(JIT) after r109705. - - * bytecode/ExecutionCounter.cpp: - (JSC::ExecutionCounter::applyMemoryUsageHeuristics): - * bytecode/ExecutionCounter.h: - -2012-03-05 Patrick Gansterer - - Unreviewed. Build fix for !ENABLE(JIT) after r109705. - - * bytecode/ExecutionCounter.cpp: - * bytecode/ExecutionCounter.h: - -2012-03-05 Andy Wingo - - Lexer: Specialize character predicates for LChar, UChar - https://bugs.webkit.org/show_bug.cgi?id=79677 - - Reviewed by Oliver Hunt. - - This patch specializes isIdentStart, isIdentPart, isWhiteSpace, - and isLineTerminator to perform a more limited number of checks if - the lexer is being instantiated to work on LChar sequences. This - is about a 1.5% win on the --parse-only suite, here. - - * parser/Lexer.cpp: - (JSC::isLatin1): New static helper, specialized for LChar and - UChar. - (JSC::typesOfLatin1Characters): Rename from - typesOfASCIICharacters, and expand to the range of the LChar - type. All uses of isASCII are changed to use isLatin1. Generated - using libunistring. - (JSC::isNonLatin1IdentStart): - (JSC::isIdentStart): - (JSC::isNonLatin1IdentPart): - (JSC::isIdentPart): - (JSC::Lexer::shiftLineTerminator): - (JSC::Lexer::parseIdentifier): - (JSC::Lexer::parseIdentifierSlowCase): - (JSC::Lexer::parseStringSlowCase): - (JSC::Lexer::parseMultilineComment): - (JSC::Lexer::lex): - (JSC::Lexer::scanRegExp): - (JSC::Lexer::skipRegExp): Sprinkle static_cast(_) around. - * parser/Lexer.h: - (JSC::Lexer::isWhiteSpace): - (JSC::Lexer::isLineTerminator): - * KeywordLookupGenerator.py: - (Trie.printAsC): Declare specialized isIdentPart static functions. - -2012-03-05 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing header file. - -2012-03-05 Andy Wingo - - WTF: Micro-optimize cleanup of empty vectors and hash tables - https://bugs.webkit.org/show_bug.cgi?id=79903 - - Reviewed by Michael Saboff and Geoffrey Garen. - - This patch speeds up cleanup of vectors and hash tables whose - backing store was never allocated. This is the case by default - for most vectors / hash tables that never had any entries added. - - The result for me is that calling checkSyntax 1000 times on - concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a - 2.4% speedup. - - * wtf/HashTable.h: - (WTF::HashTable::~HashTable): - (WTF::::clear): Don't deallocate the storage or frob member - variables if there is no backing storage. - * wtf/Vector.h: - (WTF::VectorBufferBase::deallocateBuffer): Likewise. - -2012-03-04 Filip Pizlo - - JIT heuristics should be hyperbolic - https://bugs.webkit.org/show_bug.cgi?id=80055 - - - Reviewed by Oliver Hunt. - - Added tracking of the amount of executable memory typically used for a bytecode - instruction. Modified the execution counter scheme to use this, and the amount - of free memory, to determine how long to wait before invoking the JIT. - - The result is that even if we bomb the VM with more code than can fit in our - executable memory pool, we still keep running and almost never run out of - executable memory - which ensures that if we have to JIT something critical, then - we'll likely have enough memory to do so. This also does not regress performance - on the three main benchmarks. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::predictedMachineCodeSize): - (JSC): - (JSC::CodeBlock::usesOpcode): - * bytecode/CodeBlock.h: - (CodeBlock): - (JSC::CodeBlock::checkIfJITThresholdReached): - (JSC::CodeBlock::dontJITAnytimeSoon): - (JSC::CodeBlock::jitAfterWarmUp): - (JSC::CodeBlock::jitSoon): - (JSC::CodeBlock::llintExecuteCounter): - (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp): - (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp): - (JSC::CodeBlock::addressOfJITExecuteCounter): - (JSC::CodeBlock::offsetOfJITExecuteCounter): - (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold): - (JSC::CodeBlock::offsetOfJITExecutionTotalCount): - (JSC::CodeBlock::jitExecuteCounter): - (JSC::CodeBlock::checkIfOptimizationThresholdReached): - (JSC::CodeBlock::optimizeNextInvocation): - (JSC::CodeBlock::dontOptimizeAnytimeSoon): - (JSC::CodeBlock::optimizeAfterWarmUp): - (JSC::CodeBlock::optimizeAfterLongWarmUp): - (JSC::CodeBlock::optimizeSoon): - * bytecode/ExecutionCounter.cpp: Added. - (JSC): - (JSC::ExecutionCounter::ExecutionCounter): - (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet): - (JSC::ExecutionCounter::setNewThreshold): - (JSC::ExecutionCounter::deferIndefinitely): - (JSC::ExecutionCounter::applyMemoryUsageHeuristics): - (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt): - (JSC::ExecutionCounter::hasCrossedThreshold): - (JSC::ExecutionCounter::setThreshold): - (JSC::ExecutionCounter::reset): - * bytecode/ExecutionCounter.h: Added. - (JSC): - (ExecutionCounter): - (JSC::ExecutionCounter::formattedTotalCount): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * jit/ExecutableAllocator.cpp: - (JSC::DemandExecutableAllocator::allocateNewSpace): - (JSC::ExecutableAllocator::underMemoryPressure): - (JSC): - (JSC::ExecutableAllocator::memoryPressureMultiplier): - * jit/ExecutableAllocator.h: - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::ExecutableAllocator::memoryPressureMultiplier): - (JSC): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * llint/LLIntSlowPaths.cpp: - (JSC::LLInt::jitCompileAndSetHeuristics): - * llint/LowLevelInterpreter32_64.asm: - * runtime/JSGlobalData.h: - (JSGlobalData): - * runtime/Options.cpp: - (Options): - (JSC::Options::initializeOptions): - * runtime/Options.h: - (Options): - * wtf/SimpleStats.h: Added. - (WTF): - (SimpleStats): - (WTF::SimpleStats::SimpleStats): - (WTF::SimpleStats::add): - (WTF::SimpleStats::operator!): - (WTF::SimpleStats::count): - (WTF::SimpleStats::sum): - (WTF::SimpleStats::sumOfSquares): - (WTF::SimpleStats::mean): - (WTF::SimpleStats::variance): - (WTF::SimpleStats::standardDeviation): - -2012-03-04 Raphael Kubo da Costa - - [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64 - https://bugs.webkit.org/show_bug.cgi?id=71507 - - Reviewed by Antonio Gomes. - - * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib". - -2012-03-04 David Kilzer - - Fix build when the classic interpreter is enabled - - Reviewed by Gavin Barraclough. - - Fixes the following build error when running the "Generate - Derived Sources" build phase script: - - offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h. - ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception - from JavaScriptCore/offlineasm/asm.rb:131 - Command /bin/sh failed with exit code 1 - - Gavin's fix in r109674 avoided the #error statement in - JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it - caused the "Generate Derived Sources" build phase script to fail - when JavaScriptCore/offlineasm/asm.rb was run. The solution is - to detect when the classic interpreter is being built and simply - exit early from asm.rb in that case. - - * llint/LLIntOffsetsExtractor.cpp: - (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the - JIT is disabled. Note that offsets.rb doesn't care about the - return value here, but instead it cares about finding the magic - values in the binary. The magic values are no longer present - when the JIT is disabled. - * offlineasm/asm.rb: Catch MissingMagicValuesException and exit - early with a status message. - * offlineasm/offsets.rb: - (MissingMagicValuesException): Add new exception class. - (offsetsAndConfigurationIndex): Throw - MissingMagicValuesException when no magic values are found. - -2012-03-04 Jurij Smakov - - SPARC also needs aligned accesses. - - Rubber-stamped by Gustavo Noronha Silva. - - * wtf/Platform.h: - -2012-03-04 Gavin Barraclough - - Unreviewed build fix. - - * jit/JITStubs.h: - - Move ENABLE(JIT) to head of file. - -2012-03-03 Gavin Barraclough - - Split JSArray's [[Put]] & [[DefineOwnProperty]] traps. - https://bugs.webkit.org/show_bug.cgi?id=80217 - - Reviewed by Filip Pizlo. - - putByIndex() provides similar behavior to put(), but for indexed property names. - Many places in ArrayPrototype call putByIndex() where they really mean to call - [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be - calling numeric accessors (& respecting numeric read only properties) on the - prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's - putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncConcat): - (JSC::arrayProtoFuncSlice): - (JSC::arrayProtoFuncFilter): - (JSC::arrayProtoFuncMap): - * runtime/JSArray.cpp: - (JSC): - (JSC::reject): - (JSC::SparseArrayValueMap::putDirect): - (JSC::JSArray::defineOwnNumericProperty): - (JSC::JSArray::putByIndexBeyondVectorLength): - (JSC::JSArray::putDirectIndexBeyondVectorLength): - * runtime/JSArray.h: - (SparseArrayValueMap): - (JSArray): - (JSC::JSArray::putDirectIndex): - -2012-03-03 Benjamin Poulain - - Implement the basis of KURLWTFURL - https://bugs.webkit.org/show_bug.cgi?id=79600 - - Reviewed by Adam Barth. - - Add an API to know if a ParsedURL is valid. - - * wtf/url/api/ParsedURL.cpp: - (WTF::ParsedURL::ParsedURL): - (WTF): - (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between thread - and by KURL's detach() on write. - (WTF::ParsedURL::baseAsString): - (WTF::ParsedURL::segment): - Add a stronger constraint on accessors: the client of this API should never ask for the segments - on an invalid URL. - * wtf/url/api/ParsedURL.h: - (WTF): - (WTF::ParsedURL::ParsedURL): - (ParsedURL): - (WTF::ParsedURL::isValid): - -2012-03-03 Hans Wennborg - - Implement Speech JavaScript API - https://bugs.webkit.org/show_bug.cgi?id=80019 - - Reviewed by Adam Barth. - - Add ENABLE_SCRIPTED_SPEECH. - - * Configurations/FeatureDefines.xcconfig: - -2012-03-02 Filip Pizlo - - When getting the line number of a call into a call frame with no code block, it's - incorrect to rely on the returnPC - https://bugs.webkit.org/show_bug.cgi?id=80195 - - Reviewed by Oliver Hunt. - - * interpreter/Interpreter.cpp: - (JSC::getCallerInfo): - * jit/JITCall.cpp: - (JSC::JIT::compileLoadVarargs): - -2012-03-02 Han Hojong - - Expected results updated for checking type conversion - https://bugs.webkit.org/show_bug.cgi?id=80138 - - Reviewed by Gavin Barraclough. - - * tests/mozilla/ecma/TypeConversion/9.3.1-3.js: - -2012-03-02 Kenichi Ishibashi - - Adding WebSocket per-frame DEFLATE extension - https://bugs.webkit.org/show_bug.cgi?id=77522 - - Added USE(ZLIB) flag. - - Reviewed by Kent Tamura. - - * wtf/Platform.h: - -2012-03-02 Filip Pizlo - - Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::visitAggregate): - -2012-03-01 Filip Pizlo - - DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by - virtue of being in the transitive closure - https://bugs.webkit.org/show_bug.cgi?id=80098 - - Reviewed by Anders Carlsson. - - If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable, - then you might have the visitAggregate() method called concurrently by multiple threads. - This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be - racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash - due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction(). - - It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are - not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace - any CodeBlock that it knows to be live by virtue of it being reachable from the stack. - Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate() - don't lead to two threads racing over each other as they clobber state. This patch - achieves this with a simple CAS loop: whichever thread wins the CAS race (which is - trivially linearizable) will get to trace the CodeBlock; all other threads give up and - go home. - - Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10 - times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it - even when it's gotten sufficient counts. But that takes a while - sometimes up to a - minute to get a crash. I have no other reliable repro case. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::visitAggregate): - * bytecode/CodeBlock.h: - (DFGData): - * heap/DFGCodeBlocks.cpp: - (JSC::DFGCodeBlocks::clearMarks): - -2012-03-01 Filip Pizlo - - The JIT should not crash the entire process just because there is not enough executable - memory, if the LLInt is enabled - https://bugs.webkit.org/show_bug.cgi?id=79962 - - Reviewed by Csaba Osztrogonác. - - Fix for ARM, SH4. - - * assembler/AssemblerBufferWithConstantPool.h: - (JSC::AssemblerBufferWithConstantPool::executableCopy): - -2012-03-01 Ryosuke Niwa - - Revert my change. Broke builds. - Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)' - Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i - - * wtf/Atomics.h: - (WTF): - (WTF::weakCompareAndSwap): - -2012-03-01 Ryosuke Niwa - - Gcc build fix. - - Rubber-stamped by Filip Pizlo. - - * wtf/Atomics.h: - (WTF): - (WTF::weakCompareAndSwap): - -2012-03-01 Gavin Barraclough - - ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller - https://bugs.webkit.org/show_bug.cgi?id=80011 - - Reviewed by Oliver Hunt. - - Also, fix getting the caller from within a bound function, for within a getter, - or setter (make our implementation match other browsers). - - * interpreter/Interpreter.cpp: - (JSC::getCallerInfo): - - Allow this to get the caller of host functions. - (JSC::Interpreter::retrieveCallerFromVMCode): - - This should use getCallerInfo, and should skip over function bindings. - * runtime/JSFunction.cpp: - (JSC::JSFunction::callerGetter): - - This should never return a strict-mode function. - -2012-03-01 Yuqiang Xian - - DFG local CSE for a node can be terminated earlier - https://bugs.webkit.org/show_bug.cgi?id=80014 - - Reviewed by Filip Pizlo. - - When one of the node's childredn is met in the process of back traversing - the nodes, we don't need to traverse the remaining nodes. - This is performance neutral on SunSpider, V8 and Kraken. - - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::pureCSE): - (JSC::DFG::CSEPhase::impureCSE): - (JSC::DFG::CSEPhase::getByValLoadElimination): - (JSC::DFG::CSEPhase::checkFunctionElimination): - (JSC::DFG::CSEPhase::checkStructureLoadElimination): - (JSC::DFG::CSEPhase::getByOffsetLoadElimination): - (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): - -2012-02-29 Yuqiang Xian - - DFG BasicBlocks should not require that their nodes have continuous indices in the graph - https://bugs.webkit.org/show_bug.cgi?id=79899 - - Reviewed by Filip Pizlo. - - This will make it more convenient to insert nodes into the DFG. - With this capability we now place the Phi nodes in the corresponding - blocks. - Local CSE is modified to not to rely on the assumption of continuous - node indices in a block. - This is performance neutral on SunSpider, V8 and Kraken. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::AbstractState): - (JSC::DFG::AbstractState::beginBasicBlock): - (JSC::DFG::AbstractState::execute): - (JSC::DFG::AbstractState::clobberStructures): - (JSC::DFG::AbstractState::mergeToSuccessors): - (JSC::DFG::AbstractState::dump): - * dfg/DFGAbstractState.h: - (JSC::DFG::AbstractState::forNode): - (AbstractState): - * dfg/DFGArithNodeFlagsInferencePhase.cpp: - (ArithNodeFlagsInferencePhase): - * dfg/DFGBasicBlock.h: - (JSC::DFG::BasicBlock::BasicBlock): - (BasicBlock): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::addToGraph): - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::insertPhiNode): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::processPhiStack): - (JSC::DFG::ByteCodeParser::linkBlock): - (JSC::DFG::ByteCodeParser::determineReachability): - (JSC::DFG::ByteCodeParser::parseCodeBlock): - * dfg/DFGCFAPhase.cpp: - (JSC::DFG::CFAPhase::performBlockCFA): - (CFAPhase): - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::CSEPhase): - (JSC::DFG::CSEPhase::endIndexForPureCSE): - (JSC::DFG::CSEPhase::pureCSE): - (JSC::DFG::CSEPhase::impureCSE): - (JSC::DFG::CSEPhase::globalVarLoadElimination): - (JSC::DFG::CSEPhase::getByValLoadElimination): - (JSC::DFG::CSEPhase::checkFunctionElimination): - (JSC::DFG::CSEPhase::checkStructureLoadElimination): - (JSC::DFG::CSEPhase::getByOffsetLoadElimination): - (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::CSEPhase::getScopeChainLoadElimination): - (JSC::DFG::CSEPhase::performNodeCSE): - (JSC::DFG::CSEPhase::performBlockCSE): - (CSEPhase): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGPhase.cpp: - (JSC::DFG::Phase::beginPhase): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare): - (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq): - (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - (JSC::DFG::SpeculativeJIT::compileStrictEq): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): - (JSC::DFG::SpeculativeJIT::SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): - -2012-02-29 Filip Pizlo - - The JIT should not crash the entire process just because there is not - enough executable memory, if the LLInt is enabled - https://bugs.webkit.org/show_bug.cgi?id=79962 - - - Unreviewed, adding forgotten file. - - * jit/JITCompilationEffort.h: Added. - (JSC): - -2012-02-29 Filip Pizlo - - The JIT should not crash the entire process just because there is not - enough executable memory, if the LLInt is enabled - https://bugs.webkit.org/show_bug.cgi?id=79962 - - - Reviewed by Gavin Barraclough. - - Added the notion of JITCompilationEffort. If we're JIT'ing as a result of - a tier-up, then we set it to JITCompilationCanFail. Otherwise it's - JITCompilationMustSucceed. This preserves the old behavior of LLInt is - disabled or if we're compiling something that can't be interpreted (like - an OSR exit stub). - - * JavaScriptCore.xcodeproj/project.pbxproj: - * assembler/ARMAssembler.cpp: - (JSC::ARMAssembler::executableCopy): - * assembler/ARMAssembler.h: - (ARMAssembler): - * assembler/AssemblerBuffer.h: - (JSC::AssemblerBuffer::executableCopy): - * assembler/LinkBuffer.h: - (JSC::LinkBuffer::LinkBuffer): - (JSC::LinkBuffer::~LinkBuffer): - (LinkBuffer): - (JSC::LinkBuffer::didFailToAllocate): - (JSC::LinkBuffer::isValid): - (JSC::LinkBuffer::linkCode): - (JSC::LinkBuffer::performFinalization): - * assembler/MIPSAssembler.h: - (JSC::MIPSAssembler::executableCopy): - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::executableCopy): - * assembler/X86Assembler.h: - (JSC::X86Assembler::executableCopy): - (JSC::X86Assembler::X86InstructionFormatter::executableCopy): - * bytecode/CodeBlock.cpp: - (JSC::ProgramCodeBlock::jitCompileImpl): - (JSC::EvalCodeBlock::jitCompileImpl): - (JSC::FunctionCodeBlock::jitCompileImpl): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::jitCompile): - (CodeBlock): - (ProgramCodeBlock): - (EvalCodeBlock): - (FunctionCodeBlock): - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compile): - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGJITCompiler.h: - (JITCompiler): - * jit/ExecutableAllocator.cpp: - (JSC::DemandExecutableAllocator::allocateNewSpace): - (JSC::ExecutableAllocator::allocate): - * jit/ExecutableAllocator.h: - (ExecutableAllocator): - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::ExecutableAllocator::allocate): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JIT.h: - (JSC::JIT::compile): - (JIT): - * jit/JITCompilationEffort.h: Added. - (JSC): - * jit/JITDriver.h: - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - * llint/LLIntSlowPaths.cpp: - (LLInt): - (JSC::LLInt::jitCompileAndSetHeuristics): - (JSC::LLInt::entryOSR): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - * runtime/Executable.cpp: - (JSC::EvalExecutable::jitCompile): - (JSC::ProgramExecutable::jitCompile): - (JSC::FunctionExecutable::jitCompileForCall): - (JSC::FunctionExecutable::jitCompileForConstruct): - * runtime/Executable.h: - (EvalExecutable): - (ProgramExecutable): - (FunctionExecutable): - (JSC::FunctionExecutable::jitCompileFor): - * runtime/ExecutionHarness.h: - (JSC::prepareForExecution): - (JSC::prepareFunctionForExecution): - -2012-02-29 No'am Rosenthal - - [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy] - https://bugs.webkit.org/show_bug.cgi?id=79501 - - Enable WTF_USE_UI_SIDE_COMPOSITING for Qt. - - Reviewed by Kenneth Rohde Christiansen. - - * wtf/Platform.h: - -2012-02-29 Gavin Barraclough - - Rubber stamped by Oliver Hunt. - - * tests/mozilla/ecma_2/RegExp/constructor-001.js: - * tests/mozilla/ecma_2/RegExp/function-001.js: - * tests/mozilla/ecma_2/RegExp/properties-001.js: - - Check in new test cases results. - -2012-02-29 Mark Rowe - - Stop installing JSCLLIntOffsetsExtractor. - - Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file - that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor. - This has the results of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor. - - While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value - for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is - to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That - allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too! - - Reviewed by Filip Pizlo. - - * Configurations/TestRegExp.xcconfig: Removed. - * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig. - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-02-28 Filip Pizlo - - RefCounted::deprecatedTurnOffVerifier() should not be deprecated - https://bugs.webkit.org/show_bug.cgi?id=79864 - - Reviewed by Oliver Hunt. - - Removed the word "deprecated" from the name of this method, since this method - should not be deprecated. It works just fine as it is, and there is simply no - alternative to calling this method for many interesting JSC classes. - - * parser/SourceProvider.h: - (JSC::SourceProvider::SourceProvider): - * runtime/SymbolTable.h: - (JSC::SharedSymbolTable::SharedSymbolTable): - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocatorHandle::MetaAllocatorHandle): - (WTF::MetaAllocator::allocate): - * wtf/RefCounted.h: - (RefCountedBase): - (WTF::RefCountedBase::turnOffVerifier): - -2012-02-29 Gavin Barraclough - - 'source' property of RegExp instance cannot be "" - https://bugs.webkit.org/show_bug.cgi?id=79938 - - Reviewed by Oliver Hunt. - - 15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/', - and also states that the result must be a valid RegularExpressionLiteral. '//' is - not a valid RegularExpressionLiteral (since it is a single line comment), and hence - source cannot ever validly be "". If the source is empty, return a different Pattern - that would match the same thing. - - * runtime/RegExpObject.cpp: - (JSC::regExpObjectSource): - - Do not return "" if the source is empty, this would lead to invalid behaviour in toString. - * runtime/RegExpPrototype.cpp: - (JSC::regExpProtoFuncToString): - - No need to special case the empty string - this should be being done by 'source'. - -2012-02-29 Gavin Barraclough - - Writable attribute not set correctly when redefining an accessor to a data descriptor - https://bugs.webkit.org/show_bug.cgi?id=79931 - - Reviewed by Oliver Hunt. - - * runtime/JSObject.cpp: - (JSC::JSObject::defineOwnProperty): - - use attributesOverridingCurrent instead of attributesWithOverride. - * runtime/PropertyDescriptor.cpp: - * runtime/PropertyDescriptor.h: - - remove attributesWithOverride - attributesOverridingCurrent does the same thing. - -2012-02-29 Kevin Ollivier - - Add JSCore symbol exports needed by wx port - https://bugs.webkit.org/show_bug.cgi?id=77280 - - Reviewed by Hajime Morita. - - * wtf/ArrayBufferView.h: - * wtf/ExportMacros.h: - -2012-02-28 Raphael Kubo da Costa - - [CMake] Always build wtf as a static library. - https://bugs.webkit.org/show_bug.cgi?id=79857 - - Reviewed by Eric Seidel. - - To help the efforts in bug 75673 to move WTF out of - JavaScriptCore, act more like the other ports and remove the - possibility of building WTF as a shared library. - - It does not make much sense to, for example, ship WTF as a - separate .so with webkit-efl packages, and it should be small - enough not to cause problems during linking. - - * wtf/CMakeLists.txt: - -2012-02-28 Dmitry Lomov - - [JSC] Implement ArrayBuffer transfer - https://bugs.webkit.org/show_bug.cgi?id=73493. - Implement ArrayBuffer transfer, per Khronos spec: http://www.khronos.org/registry/typedarray/specs/latest/#9. - This brings parity with V8 implementation of transferable typed arrays. - - Reviewed by Oliver Hunt. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export. - * wtf/ArrayBuffer.h: - (ArrayBuffer): Added extra export. - -2012-02-28 Kevin Ollivier - - [wx] Unreviewed. Build fix after recent LLInt additions. - - * wscript: - -2012-02-28 Mark Hahnenberg - - Refactor SpeculativeJIT::emitAllocateJSFinalObject - https://bugs.webkit.org/show_bug.cgi?id=79801 - - Reviewed by Filip Pizlo. - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this - function, which is more generic in that it can allocate a variety of classes. - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function. - -2012-02-28 Gavin Barraclough - - [[Get]]/[[Put]] for primitives should not wrap on strict accessor call - https://bugs.webkit.org/show_bug.cgi?id=79588 - - Reviewed by Oliver Hunt. - - In the case of [[Get]], this is a pretty trivial bug - just don't wrap - primitives at the point you call a getter. - - For setters, this is a little more involved, since we have already wrapped - the value up in a synthesized object. Stop doing so. There is also a further - subtely, that in strict mode all attempts to create a new data property on - the object should throw. - - * runtime/JSCell.cpp: - (JSC::JSCell::put): - - [[Put]] to a string primitive should use JSValue::putToPrimitive. - * runtime/JSObject.cpp: - (JSC::JSObject::put): - - Remove static function called in one place. - * runtime/JSObject.h: - (JSC::JSValue::put): - - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive. - * runtime/JSValue.cpp: - (JSC::JSValue::synthesizePrototype): - - Add support for synthesizing the prototype of strings. - (JSC::JSValue::putToPrimitive): - - Added, implements [[Put]] for primitive bases, per 8.7.2. - * runtime/JSValue.h: - (JSValue): - - Add declaration for JSValue::putToPrimitive. - * runtime/PropertySlot.cpp: - (JSC::PropertySlot::functionGetter): - - Don't call ToObject on primitive this values. - -2012-02-28 Mark Hahnenberg - - Re-enable parallel GC on Mac - https://bugs.webkit.org/show_bug.cgi?id=79837 - - Rubber stamped by Filip Pizlo. - - * runtime/Options.cpp: - (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line, - so we removed it and things should go back to normal. - -2012-02-28 Filip Pizlo - - Some run-javascriptcore-tests broken for 32-bit debug - https://bugs.webkit.org/show_bug.cgi?id=79844 - - Rubber stamped by Oliver Hunt. - - These assertions are just plain wrong for 32-bit. We could either have a massive - assertion that depends on value representation, that has to be changed every - time we change the JITs, resulting in a bug tail of debug-mode crashes, or we - could get rid of the assertions. I pick the latter. - - * dfg/DFGOperations.cpp: - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - -2012-02-28 Mark Hahnenberg - - Get rid of padding cruft in CopiedBlock - https://bugs.webkit.org/show_bug.cgi?id=79686 - - Reviewed by Filip Pizlo. - - * heap/CopiedBlock.h: - (CopiedBlock): Removed the extra padding that was used for alignment purposes until - the calculation of the payload offset into CopiedBlocks was redone recently. - -2012-02-28 Anders Carlsson - - Fix build with newer versions of clang. - - Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments, - but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common) - takes a string literal. - - * wtf/Assertions.cpp: - -2012-02-28 Mario Sanchez Prada - - [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr - https://bugs.webkit.org/show_bug.cgi?id=79496 - - Reviewed by Martin Robinson. - - Handle GMainLoop and GMainContext in GRefPtr, by calling - g_main_loop_(un)ref and g_main_context_(un)ref in the - implementation of the refGPtr and derefGPtr template functions. - - * wtf/gobject/GRefPtr.cpp: - (WTF::refGPtr): - (WTF): - (WTF::derefGPtr): - * wtf/gobject/GRefPtr.h: - (WTF): - * wtf/gobject/GTypedefs.h: - -2012-02-28 Yong Li - - JSString::resolveRope() should report extra memory cost to the heap. - https://bugs.webkit.org/show_bug.cgi?id=79555 - - Reviewed by Michael Saboff. - - At the time a JSString is constructed with fibers, it doesn't report - extra memory cost, which is reasonable because it hasn't allocate - new memory. However when the rope is resolved, it should report meory - cost for the new buffer. - - * runtime/JSString.cpp: - (JSC::JSString::resolveRope): - -2012-02-27 Oliver Hunt - - sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter - https://bugs.webkit.org/show_bug.cgi?id=79728 - - Reviewed by Gavin Barraclough. - - When initialising a chained get instruction we may end up in a state where - the instruction stream says we have a scopechain, but it has not yet been set - (eg. if allocating the StructureChain itself is what leads to the GC). We could - re-order the allocation, but it occurs in a couple of places, so it seems less - fragile simply to null check the scopechain slot before we actually visit the slot. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::visitStructures): - -2012-02-27 Filip Pizlo - - Old JIT's style of JSVALUE64 strict equality is subtly wrong - https://bugs.webkit.org/show_bug.cgi?id=79700 - - Reviewed by Oliver Hunt. - - * assembler/MacroAssemblerX86_64.h: - (JSC::MacroAssemblerX86_64::comparePtr): - (MacroAssemblerX86_64): - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): - * jit/JITOpcodes.cpp: - (JSC::JIT::compileOpStrictEq): - (JSC::JIT::emitSlow_op_stricteq): - (JSC::JIT::emitSlow_op_nstricteq): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - -2012-02-27 Gavin Barraclough - - Implement support for op_negate and op_bitnot in the DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=79617 - - Reviewed by Filip Pizlo. - - Add an ArithNegate op to the DFG JIT, to implement op_negate. - - This patch also adds support for op_negate to the JSVALUE64 baseline JIT - (JSVALUE32_64 already had this), so that we can profile the slowpath usage. - - This is a 2.5%-3% Sunspider progression and a 1% win on Kraken. - - * assembler/ARMv7Assembler.h: - (JSC::ARMv7Assembler::sub_S): - - Added sub_S from immediate. - (ARMv7Assembler): - (JSC::ARMv7Assembler::vneg): - - Added double negate. - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::negateDouble): - - Added double negate. - (MacroAssemblerARMv7): - (JSC::MacroAssemblerARMv7::branchNeg32): - - Added. - * assembler/MacroAssemblerX86.h: - (MacroAssemblerX86): - - moved loadDouble, absDouble to common. - * assembler/MacroAssemblerX86Common.h: - (MacroAssemblerX86Common): - (JSC::MacroAssemblerX86Common::absDouble): - - implementation can be shared. - (JSC::MacroAssemblerX86Common::negateDouble): - - Added. - (JSC::MacroAssemblerX86Common::loadDouble): - - allow absDouble to have a common implementation. - * assembler/MacroAssemblerX86_64.h: - (MacroAssemblerX86_64): - - moved loadDouble, absDouble to common. - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - - support ArithNegate. - * dfg/DFGArithNodeFlagsInferencePhase.cpp: - (JSC::DFG::ArithNodeFlagsInferencePhase::propagate): - - support ArithNegate. - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - - support ArithNegate. - (JSC::DFG::ByteCodeParser::parseBlock): - - support op_negate. - * dfg/DFGCSEPhase.cpp: - (JSC::DFG::CSEPhase::performNodeCSE): - - support ArithNegate. - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - - support op_negate. - * dfg/DFGGraph.h: - (JSC::DFG::Graph::negateShouldSpeculateInteger): - - support ArithNegate. - * dfg/DFGNode.h: - (JSC::DFG::Node::hasArithNodeFlags): - - support ArithNegate. - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - - support ArithNegate. - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileArithNegate): - - support ArithNegate. - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - - support ArithNegate. - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - - support ArithNegate. - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - - support ArithNegate. - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompileSlowCases): - - Add support for op_negate in JSVALUE64. - * jit/JITArithmetic.cpp: - (JSC::JIT::emit_op_negate): - (JSC::JIT::emitSlow_op_negate): - - Add support for op_negate in JSVALUE64. - -2012-02-27 Mahesh Kulkarni - - Unreviewed. Build fix for linux-bot (qt) after r109021. - - * runtime/Error.cpp: - -2012-02-27 Oliver Hunt - - REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize - https://bugs.webkit.org/show_bug.cgi?id=79693 - - Reviewed by Filip Pizlo. - - Alas we can't provide the stack trace as an array, as despite everyone wanting - an array, everyone arbitrarily creates the array by calling split on the stack - trace. To create the array we would have provided them in the first place. - - This changes the exception's stack property to a \n separated string. To get the - old array just do .stack.split("\n"). - - * runtime/Error.cpp: - (JSC::addErrorInfo): - -2012-02-27 Gavin Barraclough - - RegExp lastIndex should behave as a regular property - https://bugs.webkit.org/show_bug.cgi?id=79446 - - Reviewed by Sam Weinig. - - lastIndex should be a regular data descriptor, with the attributes configurable:false, - enumerable:false, writable:true. As such, it should be possible to reconfigure writable - as false. If the lastIndex property is reconfigured to be read-only, we should respect - this correctly. - - * runtime/CommonIdentifiers.h: - - Removed some unused identifiers, added lastIndex. - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::getOwnPropertySlot): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::getOwnPropertyDescriptor): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::deleteProperty): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::getOwnPropertyNames): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::getPropertyNames): - - lastIndex is no longer a static value, provided specific handling. - (JSC::reject): - - helper function for defineOwnProperty. - (JSC::RegExpObject::defineOwnProperty): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::put): - - lastIndex is no longer a static value, provided specific handling. - (JSC::RegExpObject::match): - - Pass setLastIndex an ExecState, so it can throw if read-only. - * runtime/RegExpObject.h: - (JSC::RegExpObject::setLastIndex): - - Pass setLastIndex an ExecState, so it can throw if read-only. - (RegExpObjectData): - - Added lastIndexIsWritable. - * runtime/RegExpPrototype.cpp: - (JSC::regExpProtoFuncCompile): - - Pass setLastIndex an ExecState, so it can throw if read-only. - -2012-02-27 Gavin Barraclough - - Implement support for op_negate and op_bitnot in the DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=79617 - - Reviewed by Sam Weinig. - - Remove op_bitnop - this is redundant, ~x === x^-1. - This is a fractional (<1%) progression. - - Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X). - Remove CanReuse from the result type - this was unused. - Remove op_bitnot. - - * assembler/MacroAssemblerARM.h: - (MacroAssemblerARM): - (JSC::MacroAssemblerARM::xor32): - * assembler/MacroAssemblerARMv7.h: - (MacroAssemblerARMv7): - (JSC::MacroAssemblerARMv7::xor32): - * assembler/MacroAssemblerMIPS.h: - (MacroAssemblerMIPS): - (JSC::MacroAssemblerMIPS::xor32): - * assembler/MacroAssemblerSH4.h: - (MacroAssemblerSH4): - (JSC::MacroAssemblerSH4::xor32): - * assembler/MacroAssemblerX86Common.h: - (MacroAssemblerX86Common): - (JSC::MacroAssemblerX86Common::xor32): - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - * bytecode/Opcode.h: - (JSC): - (JSC::padOpcodeName): - * bytecompiler/NodesCodegen.cpp: - (JSC): - (JSC::BitwiseNotNode::emitBytecode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompileSlowCases): - * jit/JIT.h: - (JIT): - * jit/JITArithmetic32_64.cpp: - (JSC): - * jit/JITOpcodes.cpp: - (JSC): - * jit/JITStubs.cpp: - (JSC): - * jit/JITStubs.h: - * llint/LLIntSlowPaths.cpp: - (LLInt): - * llint/LLIntSlowPaths.h: - (LLInt): - * llint/LowLevelInterpreter32_64.asm: - * parser/NodeConstructors.h: - (JSC::NegateNode::NegateNode): - (JSC::BitwiseNotNode::BitwiseNotNode): - (JSC::MultNode::MultNode): - (JSC::DivNode::DivNode): - (JSC::ModNode::ModNode): - (JSC::SubNode::SubNode): - (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode): - * parser/Nodes.h: - (BitwiseNotNode): - (JSC::BitwiseNotNode::expr): - (JSC): - * parser/ResultType.h: - (ResultType): - (JSC::ResultType::numberTypeIsInt32): - (JSC::ResultType::stringOrNumberType): - (JSC::ResultType::forAdd): - (JSC::ResultType::forBitOp): - -2012-02-27 Michael Saboff - - Error check regexp min quantifier - https://bugs.webkit.org/show_bug.cgi?id=70648 - - Reviewed by Gavin Barraclough. - - Added checking for min or only quantifier being UINT_MAX. - When encountered this becomes a SyntaxError during parsing. - - * yarr/YarrParser.h: - (JSC::Yarr::Parser::parseQuantifier): - (JSC::Yarr::Parser::parse): - (Parser): - -2012-02-27 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing files. - -2012-02-26 Hajime Morrita - - Move ChromeClient::showContextMenu() to ContextMenuClient - https://bugs.webkit.org/show_bug.cgi?id=79427 - - Reviewed by Adam Barth. - - Added ACCESSIBILITY_CONTEXT_MENUS. - - * wtf/Platform.h: - -2012-02-26 Filip Pizlo - - LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG - https://bugs.webkit.org/show_bug.cgi?id=79616 - - Reviewed by Oliver Hunt. - - Guard against the fact that in JSVALUE64, JSValue().isCell() == true. - - * dfg/DFGAbstractValue.h: - (JSC::DFG::AbstractValue::validate): - -2012-02-26 Filip Pizlo - - DFG should support activations and nested functions - https://bugs.webkit.org/show_bug.cgi?id=79554 - - Reviewed by Sam Weinig. - - Fix 32-bit. The 32-bit function+activation code had some really weird - register reuse bugs. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-02-26 Filip Pizlo - - Getting the instruction stream for a code block should not require two loads - https://bugs.webkit.org/show_bug.cgi?id=79608 - - Reviewed by Sam Weinig. - - Introduced the RefCountedArray class, which contains a single inline pointer - to a ref-counted non-resizeable vector backing store. This satisfies the - requirements of CodeBlock, which desires the ability to share instruction - streams with other CodeBlocks. It also reduces the number of loads required - for getting the instruction stream by one. - - This patch also gets rid of the bytecode discarding logic, since we don't - use it anymore and it's unlikely to ever work right with DFG or LLInt. And - I didn't feel like porting dead code to use RefCountedArray. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/CodeBlock.cpp: - (JSC::instructionOffsetForNth): - (JSC::CodeBlock::dump): - (JSC::CodeBlock::CodeBlock): - (JSC::CodeBlock::finalizeUnconditionally): - (JSC::CodeBlock::handlerForBytecodeOffset): - (JSC::CodeBlock::lineNumberForBytecodeOffset): - (JSC::CodeBlock::expressionRangeForBytecodeOffset): - (JSC::CodeBlock::shrinkToFit): - * bytecode/CodeBlock.h: - (CodeBlock): - (JSC::CodeBlock::numberOfInstructions): - (JSC::CodeBlock::instructions): - (JSC::CodeBlock::instructionCount): - (JSC::CodeBlock::valueProfileForBytecodeOffset): - (JSC): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::Label::setLocation): - (JSC): - (JSC::BytecodeGenerator::generate): - (JSC::BytecodeGenerator::newLabel): - * bytecompiler/BytecodeGenerator.h: - (JSC): - (BytecodeGenerator): - (JSC::BytecodeGenerator::instructions): - * bytecompiler/Label.h: - (JSC::Label::Label): - (Label): - * dfg/DFGByteCodeCache.h: - (JSC::DFG::ByteCodeCache::~ByteCodeCache): - (JSC::DFG::ByteCodeCache::get): - * jit/JITExceptions.cpp: - (JSC::genericThrow): - * llint/LowLevelInterpreter32_64.asm: - * runtime/Executable.cpp: - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::codeBlockWithBytecodeFor): - (JSC::FunctionExecutable::produceCodeBlockFor): - * wtf/RefCountedArray.h: Added. - (WTF): - (RefCountedArray): - (WTF::RefCountedArray::RefCountedArray): - (WTF::RefCountedArray::operator=): - (WTF::RefCountedArray::~RefCountedArray): - (WTF::RefCountedArray::size): - (WTF::RefCountedArray::data): - (WTF::RefCountedArray::begin): - (WTF::RefCountedArray::end): - (WTF::RefCountedArray::at): - (WTF::RefCountedArray::operator[]): - (Header): - (WTF::RefCountedArray::Header::size): - (WTF::RefCountedArray::Header::payload): - (WTF::RefCountedArray::Header::fromPayload): - * wtf/Platform.h: - -2012-02-26 Yusuke Suzuki - - StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name - https://bugs.webkit.org/show_bug.cgi?id=79571 - - Reviewed by Gavin Barraclough. - - * parser/ASTBuilder.h: - (JSC::ASTBuilder::createGetterOrSetterProperty): - * parser/Parser.cpp: - (JSC::::parseProperty): - * parser/SyntaxChecker.h: - (JSC::SyntaxChecker::createGetterOrSetterProperty): - -2012-02-26 Mark Hahnenberg - - Implement fast path for op_new_array in the baseline JIT - https://bugs.webkit.org/show_bug.cgi?id=78612 - - Reviewed by Filip Pizlo. - - heap/CopiedAllocator.h: - (CopiedAllocator): Friended the JIT to allow access to m_currentOffset. - * heap/CopiedSpace.h: - (CopiedSpace): Friended the JIT to allow access to isOversize. - (JSC::CopiedSpace::allocator): - * heap/Heap.h: - (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT - can use it for simple allocation i.e. when we can just bump the offset without having to - do anything else. - * jit/JIT.cpp: - (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when - we have to bail out because the fast allocation path fails for whatever reason. - * jit/JIT.h: - (JIT): - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to - allocate generic backing stores. This function is used by emitAllocateJSArray. - (JSC): - (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to - more easily allocate JSArrays. This function is used by emit_op_new_array and I expect - it will also be used for emit_op_new_array_buffer. - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does - a stub call for oversize arrays. - (JSC): - (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we - fail in any way on the fast path. - * runtime/JSArray.cpp: - (JSC): - * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to - initialize in the JIT. - (ArrayStorage): - (JSC::ArrayStorage::lengthOffset): - (JSC::ArrayStorage::numValuesInVectorOffset): - (JSC::ArrayStorage::allocBaseOffset): - (JSC::ArrayStorage::vectorOffset): - (JSArray): - (JSC::JSArray::sparseValueMapOffset): - (JSC::JSArray::subclassDataOffset): - (JSC::JSArray::indexBiasOffset): - (JSC): - (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file - to being a static function in the JSArray class. This move allows the JIT to call it to - see what size it should allocate. - -2012-02-26 Patrick Gansterer - - Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681. - - * interpreter/Interpreter.cpp: - (JSC::getLineNumberForCallFrame): - (JSC::Interpreter::getStackTrace): - -2012-02-26 Patrick Gansterer - - Unreviewed. Build fix for !ENABLE(JIT) after r108681. - - * interpreter/Interpreter.cpp: - (JSC::getLineNumberForCallFrame): - -2012-02-25 Filip Pizlo - - LLInt assembly file should be split into 32-bit and 64-bit parts - https://bugs.webkit.org/show_bug.cgi?id=79584 - - Reviewed by Sam Weinig. - - Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm - the ability to include files, and correctly track dependencies: it restricts - the include mechanism to using the same directory as the source file, and uses - the SHA1 hash of all .asm files in that directory as an input hash. - - * llint/LLIntOfflineAsmConfig.h: - * llint/LowLevelInterpreter.asm: - * llint/LowLevelInterpreter32_64.asm: Added. - - This is just the entire contents of what was previously LowLevelInterpreter.asm - * llint/LowLevelInterpreter64.asm: Added. - * offlineasm/asm.rb: - * offlineasm/ast.rb: - * offlineasm/generate_offset_extractor.rb: - * offlineasm/parser.rb: - * offlineasm/self_hash.rb: - -2012-02-25 Filip Pizlo - - Offlineasm should support X86_64 - https://bugs.webkit.org/show_bug.cgi?id=79581 - - Reviewed by Oliver Hunt. - - * llint/LLIntOfflineAsmConfig.h: - * offlineasm/backends.rb: - * offlineasm/instructions.rb: - * offlineasm/settings.rb: - * offlineasm/x86.rb: - -2012-02-25 Filip Pizlo - - DFG should support activations and nested functions - https://bugs.webkit.org/show_bug.cgi?id=79554 - - Reviewed by Oliver Hunt. - - Wrote the simplest possible implementation of activations. Big speed-up on - code that uses activations, no speed-up on major benchmarks (SunSpider, V8, - Kraken) because they do not appear to have sufficient coverage over code - that uses activations. - - * bytecode/PredictedType.cpp: - (JSC::predictionToString): - (JSC::predictionFromValue): - * bytecode/PredictedType.h: - (JSC): - (JSC::isEmptyPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::ByteCodeParser): - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - (JSC::DFG::ByteCodeParser::parse): - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - (JSC::DFG::canInlineOpcode): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::needsActivation): - * dfg/DFGNode.h: - (DFG): - (JSC::DFG::Node::storageAccessDataIndex): - (Node): - (JSC::DFG::Node::hasFunctionDeclIndex): - (JSC::DFG::Node::functionDeclIndex): - (JSC::DFG::Node::hasFunctionExprIndex): - (JSC::DFG::Node::functionExprIndex): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck): - (DFG): - (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-02-25 Benjamin Poulain - - Add an empty skeleton of KURL for WTFURL - https://bugs.webkit.org/show_bug.cgi?id=78990 - - Reviewed by Adam Barth. - - * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL - so that can use them in WebCore. - -2012-02-25 Filip Pizlo - - Unreviewed, fix build for DFG disabled and LLInt enabled. - - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * llint/LLIntSlowPaths.cpp: - (LLInt): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - -2012-02-25 Mark Hahnenberg - - Fix the CopiedBlock offset alignment in a cross platform fashion - https://bugs.webkit.org/show_bug.cgi?id=79556 - - Reviewed by Filip Pizlo. - - Replaced m_payload with a payload() method that calculates the offset - of the payload with the proper alignment. This change allows us to - avoid alignment-related issues in a cross-platform manner. - - * heap/CopiedAllocator.h: - (JSC::CopiedAllocator::currentUtilization): - * heap/CopiedBlock.h: - (JSC::CopiedBlock::CopiedBlock): - (JSC::CopiedBlock::payload): - (CopiedBlock): - * heap/CopiedSpace.cpp: - (JSC::CopiedSpace::doneFillingBlock): - * heap/CopiedSpaceInlineMethods.h: - (JSC::CopiedSpace::borrowBlock): - (JSC::CopiedSpace::allocateFromBlock): - -2012-02-24 Michael Saboff - - Unreviewed, Windows build fix. Changed signature in export to match - change made in r108858. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-24 Filip Pizlo - - DFG support for op_new_regexp should be enabled - https://bugs.webkit.org/show_bug.cgi?id=79538 - - Reviewed by Oliver Hunt. - - No performance change. - - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - * dfg/DFGCommon.h: - -2012-02-24 Michael Saboff - - ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked - https://bugs.webkit.org/show_bug.cgi?id=73728 - - Reviewed by Gavin Barraclough. - - Fixed the mixing of signed and unsigned character indeces in YARR - interpreter. - - * runtime/RegExp.cpp: - (JSC::RegExp::match): Added code to check for match longer than 2^31 and - return no match after resetting the offsets. - * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index - handling except when matching back references. - (JSC::Yarr::Interpreter::InputStream::readChecked): - (JSC::Yarr::Interpreter::InputStream::checkInput): - (JSC::Yarr::Interpreter::InputStream::uncheckInput): - (JSC::Yarr::Interpreter::InputStream::atStart): - (JSC::Yarr::Interpreter::InputStream::atEnd): - (JSC::Yarr::Interpreter::InputStream::isAvailableInput): - (JSC::Yarr::Interpreter::checkCharacter): - (JSC::Yarr::Interpreter::checkCasedCharacter): - (JSC::Yarr::Interpreter::checkCharacterClass): - (JSC::Yarr::Interpreter::tryConsumeBackReference): - (JSC::Yarr::Interpreter::matchAssertionBOL): - (JSC::Yarr::Interpreter::matchAssertionWordBoundary): - (JSC::Yarr::Interpreter::backtrackPatternCharacter): - (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter): - (JSC::Yarr::Interpreter::matchCharacterClass): - (JSC::Yarr::Interpreter::backtrackCharacterClass): - (JSC::Yarr::Interpreter::matchParenthesesOnceBegin): - (JSC::Yarr::Interpreter::matchDisjunction): - (JSC::Yarr::Interpreter::interpret): - (JSC::Yarr::ByteCompiler::assertionBOL): - (JSC::Yarr::ByteCompiler::assertionEOL): - (JSC::Yarr::ByteCompiler::assertionWordBoundary): - (JSC::Yarr::ByteCompiler::atomPatternCharacter): - (JSC::Yarr::ByteCompiler::atomCharacterClass): - (JSC::Yarr::ByteCompiler::atomBackReference): - (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin): - (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin): - (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin): - (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd): - (JSC::Yarr::ByteCompiler::emitDisjunction): - * yarr/YarrInterpreter.h: - -2012-02-24 Filip Pizlo - - Unreviewed, build fix for builds where the DFG is disabled but the LLInt is - enabled. - - * llint/LLIntOfflineAsmConfig.h: - * llint/LowLevelInterpreter.asm: - -2012-02-24 Filip Pizlo - - DFG should be able to handle variables getting captured - https://bugs.webkit.org/show_bug.cgi?id=79469 - - Reviewed by Oliver Hunt. - - Made captured variables work by placing a Flush on the SetLocal and - forcing the emission of the GetLocal even if copy propagation tells us - who has the value. - - Changed the CFA and various prediction codes to understand that we can't - really prove anything about captured variables. Well, we could in the - future by just looking at what side effects are happening, but in this - first cut we just assume that we can't reason about captured variables. - - Also added a mode where the DFG pretends that all variables and arguments - got captured. Used this mode to harden the code. - - This is performance neutral. Capturing all variables is a slow down, but - not too big of one. This seems to predict that when we add activation - support, the amount of speed benefit we'll get from increased coverage - will far outweigh the pessimism that we'll have to endure for captured - variables. - - * bytecode/CodeType.h: - (JSC::codeTypeToString): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - (JSC::DFG::AbstractState::endBasicBlock): - (JSC::DFG::AbstractState::execute): - (JSC::DFG::AbstractState::merge): - * dfg/DFGAbstractState.h: - (AbstractState): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getLocal): - (JSC::DFG::ByteCodeParser::setLocal): - (JSC::DFG::ByteCodeParser::getArgument): - (JSC::DFG::ByteCodeParser::setArgument): - (JSC::DFG::ByteCodeParser::flushArgument): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::processPhiStack): - (JSC::DFG::ByteCodeParser::parseCodeBlock): - (JSC::DFG::ByteCodeParser::parse): - * dfg/DFGCapabilities.h: - (JSC::DFG::mightInlineFunctionForCall): - (JSC::DFG::mightInlineFunctionForConstruct): - * dfg/DFGCommon.h: - * dfg/DFGGraph.h: - (JSC::DFG::Graph::needsActivation): - (Graph): - (JSC::DFG::Graph::argumentIsCaptured): - (JSC::DFG::Graph::localIsCaptured): - (JSC::DFG::Graph::isCaptured): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldGenerate): - * dfg/DFGPredictionPropagationPhase.cpp: - (JSC::DFG::PredictionPropagationPhase::propagate): - (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting): - * dfg/DFGSpeculativeJIT.cpp: - (DFG): - (JSC::DFG::ValueSource::dump): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT.h: - (ValueSource): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - (JSC::DFG::VirtualRegisterAllocationPhase::run): - -2012-02-24 Gavin Barraclough - - Should not allow malformed \x escapes - https://bugs.webkit.org/show_bug.cgi?id=79462 - - Reviewed by Oliver Hunt. - - * parser/Lexer.cpp: - (JSC::::parseString): - (JSC::::parseStringSlowCase): - - Prohibit malformed '\x' escapes - * tests/mozilla/ecma/Array/15.4.5.1-1.js: - * tests/mozilla/ecma/LexicalConventions/7.7.4.js: - * tests/mozilla/ecma_2/RegExp/hex-001.js: - * tests/mozilla/js1_2/regexp/hexadecimal.js: - - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik). - -2012-02-24 Daniel Bates - - Fix change log entry for changeset r108819; add bug URL - https://bugs.webkit.org/show_bug.cgi?id=79504 - - Changeset r108819 is associated with bug #79504. - - * ChangeLog - -2012-02-24 Daniel Bates - - Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp - https://bugs.webkit.org/show_bug.cgi?id=79504 - - Reviewed by Oliver Hunt. - - There are a few places in Interpreter.cpp that need to be updated to use - ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to - ENABLE_CLASSIC_INTERPRETER in changeset - (https://bugs.webkit.org/show_bug.cgi?id=78791). - - * interpreter/Interpreter.cpp: - (JSC::getLineNumberForCallFrame): - (JSC::getCallerInfo): - (JSC::getSourceURLFromCallFrame): - -2012-02-24 Adam Roben - - Undo the BUILDING_WTF part of r108808 - - This broke the build, which is obviously worse than the linker warning it was trying to - solve. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - -2012-02-24 Adam Roben - - Fix linker warnings on Windows - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already - exported via JS_EXPORTDATA. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We - aren't actually building WTF, but we are statically linking it, so we need to define this - symbol so that we export WTF's exports. - -2012-02-24 Philippe Normand - - Fix GTK WebAudio build for WebKitGTK 1.7.90. - - Patch by Priit Laes on 2012-02-24 - Rubber-stamped by Philippe Normand. - - * GNUmakefile.list.am: Add Complex.h to the list of files so it - gets disted in the tarballs. - -2012-02-24 Zoltan Herczeg - - [Qt] Buildfix for "Zero out CopiedBlocks on initialization". - https://bugs.webkit.org/show_bug.cgi?id=79199 - - Ruber stamped by Csaba Osztrogonác. - - Temporary fix since the new member wastes a little space on - 64 bit systems. Although it is harmless, it is only needed - for 32 bit systems. - - * heap/CopiedBlock.h: - (CopiedBlock): - -2012-02-24 Han Hojong - - Remove useless jump instructions for short circuit - https://bugs.webkit.org/show_bug.cgi?id=75602 - - Reviewed by Michael Saboff. - - Jump instruction is inserted to make short circuit, - however it does nothing but moving to the next instruction. - Therefore useless jump instructions are removed, - and jump list is moved into the case not for a short circuit, - so that only necessary instructions are added to JIT code - unless it has a 16 bit pattern character and an 8 bit string. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy): - (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy): - -2012-02-24 Sheriff Bot - - Unreviewed, rolling out r108731. - http://trac.webkit.org/changeset/108731 - https://bugs.webkit.org/show_bug.cgi?id=79464 - - Broke Chromium Win tests (Requested by bashi on #webkit). - - * wtf/Platform.h: - -2012-02-24 Andrew Lo - - [BlackBerry] Enable requestAnimationFrame - https://bugs.webkit.org/show_bug.cgi?id=79408 - - Use timer implementation of requestAnimationFrame on BlackBerry. - - Reviewed by Rob Buis. - - * wtf/Platform.h: - -2012-02-24 Mathias Bynens - - `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5 - https://bugs.webkit.org/show_bug.cgi?id=78908 - - Add additional checks for zero-width non-joiner (0x200C) and - zero-width joiner (0x200D) characters. - - Reviewed by Michael Saboff. - - * parser/Lexer.cpp: - (JSC::isNonASCIIIdentPart) - * runtime/LiteralParser.cpp: - (JSC::::Lexer::lexIdentifier) - -2012-02-23 Kenichi Ishibashi - - Adding WebSocket per-frame DEFLATE extension - https://bugs.webkit.org/show_bug.cgi?id=77522 - - Added USE(ZLIB) flag. - - Reviewed by Kent Tamura. - - * wtf/Platform.h: - -2012-02-23 Mark Hahnenberg - - Zero out CopiedBlocks on initialization - https://bugs.webkit.org/show_bug.cgi?id=79199 - - Reviewed by Filip Pizlo. - - Made CopyBlocks zero their payloads during construction. This allows - JSArray to avoid having to manually clear its backing store upon allocation - and also alleviates any future pain with regard to the garbage collector trying - to mark what it thinks are values in what is actually uninitialized memory. - - * heap/CopiedBlock.h: - (JSC::CopiedBlock::CopiedBlock): - * runtime/JSArray.cpp: - (JSC::JSArray::finishCreation): - (JSC::JSArray::tryFinishCreationUninitialized): - (JSC::JSArray::increaseVectorLength): - (JSC::JSArray::unshiftCountSlowCase): - -2012-02-23 Oliver Hunt - - Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided - https://bugs.webkit.org/show_bug.cgi?id=79407 - - Reviewed by Gavin Barraclough. - - Outside of exception handling, we don't know what our source line number is. This - change allows us to pass -1 is as the initial line number, and get the correct line - number in the resultant stack trace. We can't completely elide the initial line - number (yet) due to some idiosyncrasies of the exception handling machinery. - - * interpreter/Interpreter.cpp: - (JSC::getLineNumberForCallFrame): - (JSC): - (JSC::Interpreter::getStackTrace): - -2012-02-22 Filip Pizlo - - DFG OSR exit value profiling should have graceful handling of local variables and arguments - https://bugs.webkit.org/show_bug.cgi?id=79310 - - Reviewed by Gavin Barraclough. - - Previously, if we OSR exited because a prediction in a local was wrong, we'd - only realize what the true type of the local was if the regular value profiling - kicked in and told us. Unless the local was block-locally copy propagated, in - which case we'd know from an OSR exit profile. - - This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR - exit because of a mispredicted local or argument type, we'll know what the type of - the local or argument should be immediately upon exiting. - - The way that local variable OSR exit profiling works is that we now have a lazily - added set of OSR-exit-only value profiles for exit sites that are BadType and that - cited a GetLocal as their value source. The value profiles are only added if the - OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and - operand. The look-up is performed by querying the - CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains - the bytecode index and the operand. Because the value profiles are added at random - times, they are not sorted; instead they are just stored in an arbitrarily-ordered - SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser - creates a LazyOperandValueProfileParser, which turns the - CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration - of DFG parsing. - - Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket - into which values observed during OSR exit would be placed. Now it uses a lazy - thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may - either contain a ValueProfile inside it (which works for previous uses of OSR exit - profiling) or it may just have knowledge of how to go about creating the - LazyOperandValueProfile in the case that the OSR exit is actually taken. This - ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks - value profiling buckets unless we actually did OSR exit on every single operand, - in every single instruction, in each code block (that's probably unlikely). - - This appears to be neutral on the major benchmarks, but is a double-digit speed-up - on code deliberately written to have data flow that spans basic blocks and where - the code exhibits post-optimization polymorphism in a local variable. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::stronglyVisitStrongReferences): - * bytecode/CodeBlock.h: - (CodeBlock): - (JSC::CodeBlock::lazyOperandValueProfiles): - * bytecode/LazyOperandValueProfile.cpp: Added. - (JSC): - (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder): - (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder): - (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions): - (JSC::CompressedLazyOperandValueProfileHolder::add): - (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser): - (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser): - (JSC::LazyOperandValueProfileParser::getIfPresent): - (JSC::LazyOperandValueProfileParser::prediction): - * bytecode/LazyOperandValueProfile.h: Added. - (JSC): - (LazyOperandValueProfileKey): - (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey): - (JSC::LazyOperandValueProfileKey::operator!): - (JSC::LazyOperandValueProfileKey::operator==): - (JSC::LazyOperandValueProfileKey::hash): - (JSC::LazyOperandValueProfileKey::bytecodeOffset): - (JSC::LazyOperandValueProfileKey::operand): - (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue): - (JSC::LazyOperandValueProfileKeyHash::hash): - (JSC::LazyOperandValueProfileKeyHash::equal): - (LazyOperandValueProfileKeyHash): - (WTF): - (JSC::LazyOperandValueProfile::LazyOperandValueProfile): - (LazyOperandValueProfile): - (JSC::LazyOperandValueProfile::key): - (CompressedLazyOperandValueProfileHolder): - (LazyOperandValueProfileParser): - * bytecode/MethodOfGettingAValueProfile.cpp: Added. - (JSC): - (JSC::MethodOfGettingAValueProfile::fromLazyOperand): - (JSC::MethodOfGettingAValueProfile::getSpecFailBucket): - * bytecode/MethodOfGettingAValueProfile.h: Added. - (JSC): - (MethodOfGettingAValueProfile): - (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile): - (JSC::MethodOfGettingAValueProfile::operator!): - * bytecode/ValueProfile.cpp: Removed. - * bytecode/ValueProfile.h: - (JSC): - (ValueProfileBase): - (JSC::ValueProfileBase::ValueProfileBase): - (JSC::ValueProfileBase::dump): - (JSC::ValueProfileBase::computeUpdatedPrediction): - (JSC::MinimalValueProfile::MinimalValueProfile): - (ValueProfileWithLogNumberOfBuckets): - (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets): - (JSC::ValueProfile::ValueProfile): - (JSC::getValueProfileBytecodeOffset): - (JSC::getRareCaseProfileBytecodeOffset): - * dfg/DFGByteCodeParser.cpp: - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction): - (JSC::DFG::ByteCodeParser::getLocal): - (JSC::DFG::ByteCodeParser::getArgument): - (InlineStackEntry): - (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions): - (DFG): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - (JSC::DFG::ByteCodeParser::parse): - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::valueProfileFor): - (JSC::DFG::Graph::methodOfGettingAValueProfileFor): - (Graph): - * dfg/DFGNode.h: - (Node): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::OSRExit::OSRExit): - * dfg/DFGOSRExit.h: - (OSRExit): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGPhase.cpp: - (JSC::DFG::Phase::beginPhase): - (JSC::DFG::Phase::endPhase): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::speculationCheck): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::nonUnifiedPrediction): - (VariableAccessData): - -2012-02-23 Filip Pizlo - - Build fix. - - * llint/LLIntOffsetsExtractor.cpp: - -2012-02-23 Kevin Ollivier - - [wx] Build fix, disable LLINT for now and fix ENABLE defines for it. - - * llint/LLIntOffsetsExtractor.cpp: - * wtf/Platform.h: - -2012-02-23 Kevin Ollivier - - [wx] Build fix for non-Mac wx builds. - - * runtime/DatePrototype.cpp: - -2012-02-22 Filip Pizlo - - DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment - https://bugs.webkit.org/show_bug.cgi?id=79334 - - Reviewed by Oliver Hunt. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getLocal): - (JSC::DFG::ByteCodeParser::getArgument): - (JSC::DFG::ByteCodeParser::flush): - -2012-02-23 Gavin Barraclough - - Object.isSealed / Object.isFrozen don't work for native objects - https://bugs.webkit.org/show_bug.cgi?id=79331 - - Reviewed by Sam Weinig. - - Need to inspect all properties, including static ones. - This exposes a couple of bugs in Array & Arguments: - - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length. - - Arguments object's defineOwnProperty does not handle callee/caller/length correctly. - - * runtime/Arguments.cpp: - (JSC::Arguments::defineOwnProperty): - - Add handling for callee/caller/length. - * runtime/JSArray.cpp: - (JSC::JSArray::getOwnPropertyDescriptor): - - report length's writability correctly. - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorSeal): - (JSC::objectConstructorFreeze): - (JSC::objectConstructorIsSealed): - (JSC::objectConstructorIsFrozen): - - Add spec-based implementation for non-final objects. - -2012-02-23 Gavin Barraclough - - pop of array hole should get from the prototype chain - https://bugs.webkit.org/show_bug.cgi?id=79338 - - Reviewed by Sam Weinig. - - * runtime/JSArray.cpp: - (JSC::JSArray::pop): - - If the fast fast vector case fails, more closely follow the spec. - -2012-02-23 Yong Li - - JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope() - https://bugs.webkit.org/show_bug.cgi?id=79268 - - Reviewed by Michael Saboff. - - resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory() - after it fails to allocate a buffer for m_value. So outOfMemory() should assert - isRope() rather than !isRope(). - - * runtime/JSString.cpp: - (JSC::JSString::outOfMemory): - -2012-02-23 Patrick Gansterer - - [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro - https://bugs.webkit.org/show_bug.cgi?id=79371 - - Reviewed by Daniel Bates. - - * CMakeLists.txt: - * shell/CMakeLists.txt: - * wtf/CMakeLists.txt: - -2012-02-23 Aron Rosenberg - - Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer. - https://bugs.webkit.org/show_bug.cgi?id=76210 - - Add compile time check for Visual Studio 2005 or newer. - - Reviewed by Simon Hausmann. - - * os-win32/inttypes.h: - -2012-02-22 Gavin Barraclough - - Implement [[DefineOwnProperty]] for the arguments object - https://bugs.webkit.org/show_bug.cgi?id=79309 - - Reviewed by Sam Weinig. - - * runtime/Arguments.cpp: - (JSC::Arguments::deletePropertyByIndex): - (JSC::Arguments::deleteProperty): - - Deleting an argument should also delete the copy on the object, if any. - (JSC::Arguments::defineOwnProperty): - - Defining a property may override the live mapping. - * runtime/Arguments.h: - (Arguments): - -2012-02-22 Gavin Barraclough - - Fix Object.freeze for non-final objects. - https://bugs.webkit.org/show_bug.cgi?id=79286 - - Reviewed by Oliver Hunt. - - For vanilla objects we implement this with a single transition, for objects - with special properties we should just follow the spec defined algorithm. - - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::put): - - this does need to handle inextensible objects. - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorSeal): - (JSC::objectConstructorFreeze): - - Implement spec defined algorithm for non-final objects. - * runtime/Structure.cpp: - (JSC::Structure::Structure): - (JSC::Structure::freezeTransition): - - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto. - * runtime/Structure.h: - (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto): - (JSC::Structure::setHasGetterSetterProperties): - (JSC::Structure::setContainsReadOnlyProperties): - (Structure): - - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto. - -2012-02-22 Mark Hahnenberg - - Allocations from CopiedBlocks should always be 8-byte aligned - https://bugs.webkit.org/show_bug.cgi?id=79271 - - Reviewed by Geoffrey Garen. - - * heap/CopiedAllocator.h: - (JSC::CopiedAllocator::allocate): - * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always - guaranteed to be 8 byte aligned on both 64- and 32-bit platforms. - (CopiedBlock): - * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned. - (JSC::CopiedSpace::tryAllocateOversize): - (JSC::CopiedSpace::getFreshBlock): - * heap/CopiedSpaceInlineMethods.h: - (JSC::CopiedSpace::allocateFromBlock): - * runtime/JSArray.h: - (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte - aligned on both 64- and 32-bit platforms. - * wtf/StdLibExtras.h: - (WTF::is8ByteAligned): Added new utility function that functions similarly to the - way isPointerAligned does, but it just always checks for 8 byte alignment. - (WTF): - -2012-02-22 Sheriff Bot - - Unreviewed, rolling out r108456. - http://trac.webkit.org/changeset/108456 - https://bugs.webkit.org/show_bug.cgi?id=79223 - - Broke fast/regex/pcre-test-4.html and cannot find anyone on - IRC (Requested by zherczeg on #webkit). - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy): - -2012-02-22 Sheriff Bot - - Unreviewed, rolling out r108468. - http://trac.webkit.org/changeset/108468 - https://bugs.webkit.org/show_bug.cgi?id=79219 - - Broke Chromium Win release build (Requested by bashi on - #webkit). - - * wtf/Platform.h: - -2012-02-22 Kenichi Ishibashi - - Adding WebSocket per-frame DEFLATE extension - https://bugs.webkit.org/show_bug.cgi?id=77522 - - Added USE(ZLIB) flag. - - Reviewed by Kent Tamura. - - * wtf/Platform.h: - -2012-02-22 Hojong Han - - Short circuit fixed for a 16 bt pattern character and an 8 bit string. - https://bugs.webkit.org/show_bug.cgi?id=75602 - - Reviewed by Gavin Barraclough. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy): - -2012-02-21 Filip Pizlo - - Build fix for systems with case sensitive disks. - - * llint/LLIntOfflineAsmConfig.h: - -2012-02-21 Filip Pizlo - - JSC should be a triple-tier VM - https://bugs.webkit.org/show_bug.cgi?id=75812 - - - Reviewed by Gavin Barraclough. - - Implemented an interpreter that uses the JIT's calling convention. This - interpreter is called LLInt, or the Low Level Interpreter. JSC will now - will start by executing code in LLInt and will only tier up to the old - JIT after the code is proven hot. - - LLInt is written in a modified form of our macro assembly. This new macro - assembly is compiled by an offline assembler (see offlineasm), which - implements many modern conveniences such as a Turing-complete CPS-based - macro language and direct access to relevant C++ type information - (basically offsets of fields and sizes of structs/classes). - - Code executing in LLInt appears to the rest of the JSC world "as if" it - were executing in the old JIT. Hence, things like exception handling and - cross-execution-engine calls just work and require pretty much no - additional overhead. - - This interpreter is 2-2.5x faster than our old interpreter on SunSpider, - V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider, - V8, and Kraken, but appear to get a double-digit improvement on real-world - websites due to a huge reduction in the amount of JIT'ing. - - * CMakeLists.txt: - * GNUmakefile.am: - * GNUmakefile.list.am: - * JavaScriptCore.pri: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * assembler/LinkBuffer.h: - * assembler/MacroAssemblerCodeRef.h: - (MacroAssemblerCodePtr): - (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): - * bytecode/BytecodeConventions.h: Added. - * bytecode/CallLinkStatus.cpp: - (JSC::CallLinkStatus::computeFromLLInt): - (JSC): - (JSC::CallLinkStatus::computeFor): - * bytecode/CallLinkStatus.h: - (JSC::CallLinkStatus::isSet): - (JSC::CallLinkStatus::operator!): - (CallLinkStatus): - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - (JSC::CodeBlock::CodeBlock): - (JSC::CodeBlock::~CodeBlock): - (JSC::CodeBlock::finalizeUnconditionally): - (JSC::CodeBlock::stronglyVisitStrongReferences): - (JSC): - (JSC::CodeBlock::unlinkCalls): - (JSC::CodeBlock::unlinkIncomingCalls): - (JSC::CodeBlock::bytecodeOffset): - (JSC::ProgramCodeBlock::jettison): - (JSC::EvalCodeBlock::jettison): - (JSC::FunctionCodeBlock::jettison): - (JSC::ProgramCodeBlock::jitCompileImpl): - (JSC::EvalCodeBlock::jitCompileImpl): - (JSC::FunctionCodeBlock::jitCompileImpl): - * bytecode/CodeBlock.h: - (JSC): - (CodeBlock): - (JSC::CodeBlock::baselineVersion): - (JSC::CodeBlock::linkIncomingCall): - (JSC::CodeBlock::bytecodeOffset): - (JSC::CodeBlock::jitCompile): - (JSC::CodeBlock::hasOptimizedReplacement): - (JSC::CodeBlock::addPropertyAccessInstruction): - (JSC::CodeBlock::addGlobalResolveInstruction): - (JSC::CodeBlock::addLLIntCallLinkInfo): - (JSC::CodeBlock::addGlobalResolveInfo): - (JSC::CodeBlock::numberOfMethodCallLinkInfos): - (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset): - (JSC::CodeBlock::likelyToTakeSlowCase): - (JSC::CodeBlock::couldTakeSlowCase): - (JSC::CodeBlock::likelyToTakeSpecialFastCase): - (JSC::CodeBlock::likelyToTakeDeepestSlowCase): - (JSC::CodeBlock::likelyToTakeAnySlowCase): - (JSC::CodeBlock::addFrequentExitSite): - (JSC::CodeBlock::dontJITAnytimeSoon): - (JSC::CodeBlock::jitAfterWarmUp): - (JSC::CodeBlock::jitSoon): - (JSC::CodeBlock::llintExecuteCounter): - (ProgramCodeBlock): - (EvalCodeBlock): - (FunctionCodeBlock): - * bytecode/GetByIdStatus.cpp: - (JSC::GetByIdStatus::computeFromLLInt): - (JSC): - (JSC::GetByIdStatus::computeFor): - * bytecode/GetByIdStatus.h: - (JSC::GetByIdStatus::GetByIdStatus): - (JSC::GetByIdStatus::wasSeenInJIT): - (GetByIdStatus): - * bytecode/Instruction.h: - (JSC): - (JSC::Instruction::Instruction): - (Instruction): - * bytecode/LLIntCallLinkInfo.h: Added. - (JSC): - (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo): - (LLIntCallLinkInfo): - (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo): - (JSC::LLIntCallLinkInfo::isLinked): - (JSC::LLIntCallLinkInfo::unlink): - * bytecode/MethodCallLinkStatus.cpp: - (JSC::MethodCallLinkStatus::computeFor): - * bytecode/Opcode.cpp: - (JSC): - * bytecode/Opcode.h: - (JSC): - (JSC::padOpcodeName): - * bytecode/PutByIdStatus.cpp: - (JSC::PutByIdStatus::computeFromLLInt): - (JSC): - (JSC::PutByIdStatus::computeFor): - * bytecode/PutByIdStatus.h: - (PutByIdStatus): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitResolve): - (JSC::BytecodeGenerator::emitResolveWithBase): - (JSC::BytecodeGenerator::emitGetById): - (JSC::BytecodeGenerator::emitPutById): - (JSC::BytecodeGenerator::emitDirectPutById): - (JSC::BytecodeGenerator::emitCall): - (JSC::BytecodeGenerator::emitConstruct): - (JSC::BytecodeGenerator::emitCatch): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGOperations.cpp: - * heap/Heap.h: - (JSC): - (JSC::Heap::firstAllocatorWithoutDestructors): - (Heap): - * heap/MarkStack.cpp: - (JSC::visitChildren): - * heap/MarkedAllocator.h: - (JSC): - (MarkedAllocator): - * heap/MarkedSpace.h: - (JSC): - (MarkedSpace): - (JSC::MarkedSpace::firstAllocator): - * interpreter/CallFrame.cpp: - (JSC): - (JSC::CallFrame::bytecodeOffsetForNonDFGCode): - (JSC::CallFrame::setBytecodeOffsetForNonDFGCode): - (JSC::CallFrame::currentVPC): - (JSC::CallFrame::setCurrentVPC): - (JSC::CallFrame::trueCallerFrame): - * interpreter/CallFrame.h: - (JSC::ExecState::hasReturnPC): - (JSC::ExecState::clearReturnPC): - (ExecState): - (JSC::ExecState::bytecodeOffsetForNonDFGCode): - (JSC::ExecState::currentVPC): - (JSC::ExecState::setCurrentVPC): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::Interpreter): - (JSC::Interpreter::~Interpreter): - (JSC): - (JSC::Interpreter::initialize): - (JSC::Interpreter::isOpcode): - (JSC::Interpreter::unwindCallFrame): - (JSC::getCallerInfo): - (JSC::Interpreter::privateExecute): - (JSC::Interpreter::retrieveLastCaller): - * interpreter/Interpreter.h: - (JSC): - (Interpreter): - (JSC::Interpreter::getOpcode): - (JSC::Interpreter::getOpcodeID): - (JSC::Interpreter::classicEnabled): - * interpreter/RegisterFile.h: - (JSC): - (RegisterFile): - * jit/ExecutableAllocator.h: - (JSC): - * jit/HostCallReturnValue.cpp: Added. - (JSC): - (JSC::getHostCallReturnValueWithExecState): - * jit/HostCallReturnValue.h: Added. - (JSC): - (JSC::initializeHostCallReturnValue): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompileSlowCases): - (JSC::JIT::privateCompile): - * jit/JITCode.h: - (JSC::JITCode::isOptimizingJIT): - (JITCode): - (JSC::JITCode::isBaselineCode): - (JSC::JITCode::JITCode): - * jit/JITDriver.h: - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - * jit/JITExceptions.cpp: - (JSC::jitThrow): - * jit/JITInlineMethods.h: - (JSC::JIT::updateTopCallFrame): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - (JSC): - * jit/JITStubs.h: - (JSC): - * jit/JSInterfaceJIT.h: - * llint: Added. - * llint/LLIntCommon.h: Added. - * llint/LLIntData.cpp: Added. - (LLInt): - (JSC::LLInt::Data::Data): - (JSC::LLInt::Data::performAssertions): - (JSC::LLInt::Data::~Data): - * llint/LLIntData.h: Added. - (JSC): - (LLInt): - (Data): - (JSC::LLInt::Data::exceptionInstructions): - (JSC::LLInt::Data::opcodeMap): - (JSC::LLInt::Data::performAssertions): - * llint/LLIntEntrypoints.cpp: Added. - (LLInt): - (JSC::LLInt::getFunctionEntrypoint): - (JSC::LLInt::getEvalEntrypoint): - (JSC::LLInt::getProgramEntrypoint): - * llint/LLIntEntrypoints.h: Added. - (JSC): - (LLInt): - (JSC::LLInt::getEntrypoint): - * llint/LLIntExceptions.cpp: Added. - (LLInt): - (JSC::LLInt::interpreterThrowInCaller): - (JSC::LLInt::returnToThrowForThrownException): - (JSC::LLInt::returnToThrow): - (JSC::LLInt::callToThrow): - * llint/LLIntExceptions.h: Added. - (JSC): - (LLInt): - * llint/LLIntOfflineAsmConfig.h: Added. - * llint/LLIntOffsetsExtractor.cpp: Added. - (JSC): - (LLIntOffsetsExtractor): - (JSC::LLIntOffsetsExtractor::dummy): - (main): - * llint/LLIntSlowPaths.cpp: Added. - (LLInt): - (JSC::LLInt::llint_trace_operand): - (JSC::LLInt::llint_trace_value): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::traceFunctionPrologue): - (JSC::LLInt::shouldJIT): - (JSC::LLInt::entryOSR): - (JSC::LLInt::resolveGlobal): - (JSC::LLInt::getByVal): - (JSC::LLInt::handleHostCall): - (JSC::LLInt::setUpCall): - (JSC::LLInt::genericCall): - * llint/LLIntSlowPaths.h: Added. - (JSC): - (LLInt): - * llint/LLIntThunks.cpp: Added. - (LLInt): - (JSC::LLInt::generateThunkWithJumpTo): - (JSC::LLInt::functionForCallEntryThunkGenerator): - (JSC::LLInt::functionForConstructEntryThunkGenerator): - (JSC::LLInt::functionForCallArityCheckThunkGenerator): - (JSC::LLInt::functionForConstructArityCheckThunkGenerator): - (JSC::LLInt::evalEntryThunkGenerator): - (JSC::LLInt::programEntryThunkGenerator): - * llint/LLIntThunks.h: Added. - (JSC): - (LLInt): - * llint/LowLevelInterpreter.asm: Added. - * llint/LowLevelInterpreter.cpp: Added. - * llint/LowLevelInterpreter.h: Added. - * offlineasm: Added. - * offlineasm/armv7.rb: Added. - * offlineasm/asm.rb: Added. - * offlineasm/ast.rb: Added. - * offlineasm/backends.rb: Added. - * offlineasm/generate_offset_extractor.rb: Added. - * offlineasm/instructions.rb: Added. - * offlineasm/offset_extractor_constants.rb: Added. - * offlineasm/offsets.rb: Added. - * offlineasm/opt.rb: Added. - * offlineasm/parser.rb: Added. - * offlineasm/registers.rb: Added. - * offlineasm/self_hash.rb: Added. - * offlineasm/settings.rb: Added. - * offlineasm/transform.rb: Added. - * offlineasm/x86.rb: Added. - * runtime/CodeSpecializationKind.h: Added. - (JSC): - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::arityCheckFor): - (CommonSlowPaths): - * runtime/Executable.cpp: - (JSC::jettisonCodeBlock): - (JSC): - (JSC::EvalExecutable::jitCompile): - (JSC::samplingDescription): - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::jitCompile): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::baselineCodeBlockFor): - (JSC::FunctionExecutable::jitCompileForCall): - (JSC::FunctionExecutable::jitCompileForConstruct): - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - * runtime/Executable.h: - (JSC): - (EvalExecutable): - (ProgramExecutable): - (FunctionExecutable): - (JSC::FunctionExecutable::jitCompileFor): - * runtime/ExecutionHarness.h: Added. - (JSC): - (JSC::prepareForExecution): - (JSC::prepareFunctionForExecution): - * runtime/JSArray.h: - (JSC): - (JSArray): - * runtime/JSCell.h: - (JSC): - (JSCell): - * runtime/JSFunction.h: - (JSC): - (JSFunction): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - (JSC): - (JSGlobalData): - * runtime/JSGlobalObject.h: - (JSC): - (JSGlobalObject): - * runtime/JSObject.h: - (JSC): - (JSObject): - (JSFinalObject): - * runtime/JSPropertyNameIterator.h: - (JSC): - (JSPropertyNameIterator): - * runtime/JSString.h: - (JSC): - (JSString): - * runtime/JSTypeInfo.h: - (JSC): - (TypeInfo): - * runtime/JSValue.cpp: - (JSC::JSValue::description): - * runtime/JSValue.h: - (LLInt): - (JSValue): - * runtime/JSVariableObject.h: - (JSC): - (JSVariableObject): - * runtime/Options.cpp: - (Options): - (JSC::Options::initializeOptions): - * runtime/Options.h: - (Options): - * runtime/ScopeChain.h: - (JSC): - (ScopeChainNode): - * runtime/Structure.cpp: - (JSC::Structure::addPropertyTransition): - * runtime/Structure.h: - (JSC): - (Structure): - * runtime/StructureChain.h: - (JSC): - (StructureChain): - * wtf/InlineASM.h: - * wtf/Platform.h: - * wtf/SentinelLinkedList.h: - (SentinelLinkedList): - (WTF::SentinelLinkedList::isEmpty): - * wtf/text/StringImpl.h: - (JSC): - (StringImpl): - -2012-02-21 Oliver Hunt - - Unbreak double-typed arrays on ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=79177 - - Reviewed by Gavin Barraclough. - - The existing code had completely broken address arithmetic. - - * JSCTypedArrayStubs.h: - (JSC): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::storeDouble): - (JSC::MacroAssemblerARMv7::storeFloat): - -2012-02-21 Gavin Barraclough - - Should be able to reconfigure a non-configurable property as read-only - https://bugs.webkit.org/show_bug.cgi?id=79170 - - Reviewed by Sam Weinig. - - See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable, - but does not inhibit making a writable property read-only. - - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - (JSC::JSGlobalData::setInDefineOwnProperty): - (JSGlobalData): - (JSC::JSGlobalData::isInDefineOwnProperty): - - Added flag, tracking whether we are in JSObject::defineOwnProperty. - * runtime/JSObject.cpp: - (JSC::JSObject::deleteProperty): - (DefineOwnPropertyScope): - - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing! - (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope): - (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope): - - Added RAII helper. - (JSC::JSObject::defineOwnProperty): - - Track on the globalData when we are in this method. - -2012-02-21 Oliver Hunt - - Make TypedArrays be available in commandline jsc - https://bugs.webkit.org/show_bug.cgi?id=79163 - - Reviewed by Gavin Barraclough. - - Adds a compile time option to have jsc support a basic implementation - of the TypedArrays available in WebCore. This lets us test the typed - array logic in the JIT witout having to build webcore. - - * JSCTypedArrayStubs.h: Added. - (JSC): - * JavaScriptCore.xcodeproj/project.pbxproj: - * jsc.cpp: - (GlobalObject::finishCreation): - (GlobalObject): - (GlobalObject::addConstructableFunction): - * runtime/JSGlobalData.h: - (JSGlobalData): - -2012-02-21 Tom Sepez - - equalIgnoringNullity() only comparing half the bytes for equality - https://bugs.webkit.org/show_bug.cgi?id=79135 - - Reviewed by Adam Barth. - - * wtf/text/StringImpl.h: - (WTF::equalIgnoringNullity): - -2012-02-21 Roland Takacs - - Unnecessary preprocessor macros in MainThread.h/cpp - https://bugs.webkit.org/show_bug.cgi?id=79083 - - Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro. - - * wtf/MainThread.cpp: - (WTF): - * wtf/MainThread.h: - (WTF): - -2012-02-21 Sam Weinig - - Attempt to fix the Snow Leopard build. - - * Configurations/Base.xcconfig: - -2012-02-21 Sam Weinig - - Use libc++ when building with Clang on Mac - https://bugs.webkit.org/show_bug.cgi?id=78981 - - Reviewed by Dan Bernstein. - - * Configurations/Base.xcconfig: - -2012-02-21 Adam Roben - - Roll out r108309, r108323, and r108326 - - They broke the 32-bit Lion build. - - Original bugs is . - - * CMakeLists.txt: - * GNUmakefile.am: - * GNUmakefile.list.am: - * JavaScriptCore.pri: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * assembler/LinkBuffer.h: - * assembler/MacroAssemblerCodeRef.h: - * bytecode/BytecodeConventions.h: Removed. - * bytecode/CallLinkStatus.cpp: - * bytecode/CallLinkStatus.h: - * bytecode/CodeBlock.cpp: - * bytecode/CodeBlock.h: - * bytecode/GetByIdStatus.cpp: - * bytecode/GetByIdStatus.h: - * bytecode/Instruction.h: - * bytecode/LLIntCallLinkInfo.h: Removed. - * bytecode/MethodCallLinkStatus.cpp: - * bytecode/Opcode.cpp: - * bytecode/Opcode.h: - * bytecode/PutByIdStatus.cpp: - * bytecode/PutByIdStatus.h: - * bytecompiler/BytecodeGenerator.cpp: - * dfg/DFGByteCodeParser.cpp: - * dfg/DFGCapabilities.h: - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGOperations.cpp: - * heap/Heap.h: - * heap/MarkStack.cpp: - * heap/MarkedAllocator.h: - * heap/MarkedSpace.h: - * interpreter/CallFrame.cpp: - * interpreter/CallFrame.h: - * interpreter/Interpreter.cpp: - * interpreter/Interpreter.h: - * interpreter/RegisterFile.h: - * jit/ExecutableAllocator.h: - * jit/HostCallReturnValue.cpp: Removed. - * jit/HostCallReturnValue.h: Removed. - * jit/JIT.cpp: - * jit/JITCode.h: - * jit/JITDriver.h: - * jit/JITExceptions.cpp: - * jit/JITInlineMethods.h: - * jit/JITStubs.cpp: - * jit/JITStubs.h: - * jit/JSInterfaceJIT.h: - * llint/LLIntCommon.h: Removed. - * llint/LLIntData.cpp: Removed. - * llint/LLIntData.h: Removed. - * llint/LLIntEntrypoints.cpp: Removed. - * llint/LLIntEntrypoints.h: Removed. - * llint/LLIntExceptions.cpp: Removed. - * llint/LLIntExceptions.h: Removed. - * llint/LLIntOfflineAsmConfig.h: Removed. - * llint/LLIntOffsetsExtractor.cpp: Removed. - * llint/LLIntSlowPaths.cpp: Removed. - * llint/LLIntSlowPaths.h: Removed. - * llint/LLIntThunks.cpp: Removed. - * llint/LLIntThunks.h: Removed. - * llint/LowLevelInterpreter.asm: Removed. - * llint/LowLevelInterpreter.cpp: Removed. - * llint/LowLevelInterpreter.h: Removed. - * offlineasm/armv7.rb: Removed. - * offlineasm/asm.rb: Removed. - * offlineasm/ast.rb: Removed. - * offlineasm/backends.rb: Removed. - * offlineasm/generate_offset_extractor.rb: Removed. - * offlineasm/instructions.rb: Removed. - * offlineasm/offset_extractor_constants.rb: Removed. - * offlineasm/offsets.rb: Removed. - * offlineasm/opt.rb: Removed. - * offlineasm/parser.rb: Removed. - * offlineasm/registers.rb: Removed. - * offlineasm/self_hash.rb: Removed. - * offlineasm/settings.rb: Removed. - * offlineasm/transform.rb: Removed. - * offlineasm/x86.rb: Removed. - * runtime/CodeSpecializationKind.h: Removed. - * runtime/CommonSlowPaths.h: - * runtime/Executable.cpp: - * runtime/Executable.h: - * runtime/ExecutionHarness.h: Removed. - * runtime/JSArray.h: - * runtime/JSCell.h: - * runtime/JSFunction.h: - * runtime/JSGlobalData.cpp: - * runtime/JSGlobalData.h: - * runtime/JSGlobalObject.h: - * runtime/JSObject.h: - * runtime/JSPropertyNameIterator.h: - * runtime/JSString.h: - * runtime/JSTypeInfo.h: - * runtime/JSValue.cpp: - * runtime/JSValue.h: - * runtime/JSVariableObject.h: - * runtime/Options.cpp: - * runtime/Options.h: - * runtime/ScopeChain.h: - * runtime/Structure.cpp: - * runtime/Structure.h: - * runtime/StructureChain.h: - * wtf/InlineASM.h: - * wtf/Platform.h: - * wtf/SentinelLinkedList.h: - * wtf/text/StringImpl.h: - -2012-02-21 Gustavo Noronha Silva and Bob Tracy - - Does not build on IA64, SPARC and Alpha - https://bugs.webkit.org/show_bug.cgi?id=79047 - - Rubber-stamped by Kent Tamura. - - * wtf/dtoa/utils.h: these architectures also have correct double - operations, so add them to the appropriate side of the check. - -2012-02-21 Filip Pizlo - - Fix massive crashes in all tests introduced by previous build fix, and fix non-DFG build. - https://bugs.webkit.org/show_bug.cgi?id=75812 - - Reviewed by Csaba Osztrogonác. - - * dfg/DFGOperations.cpp: - (JSC): - * jit/HostCallReturnValue.h: - (JSC::initializeHostCallReturnValue): - -2012-02-21 Filip Pizlo - - Attempted build fix for ELF platforms. - - * dfg/DFGOperations.cpp: - (JSC): - (JSC::getHostCallReturnValueWithExecState): - * jit/HostCallReturnValue.cpp: - (JSC): - * jit/HostCallReturnValue.h: - (JSC::initializeHostCallReturnValue): - -2012-02-20 Filip Pizlo - - JSC should be a triple-tier VM - https://bugs.webkit.org/show_bug.cgi?id=75812 - - - Reviewed by Gavin Barraclough. - - Implemented an interpreter that uses the JIT's calling convention. This - interpreter is called LLInt, or the Low Level Interpreter. JSC will now - will start by executing code in LLInt and will only tier up to the old - JIT after the code is proven hot. - - LLInt is written in a modified form of our macro assembly. This new macro - assembly is compiled by an offline assembler (see offlineasm), which - implements many modern conveniences such as a Turing-complete CPS-based - macro language and direct access to relevant C++ type information - (basically offsets of fields and sizes of structs/classes). - - Code executing in LLInt appears to the rest of the JSC world "as if" it - were executing in the old JIT. Hence, things like exception handling and - cross-execution-engine calls just work and require pretty much no - additional overhead. - - This interpreter is 2-2.5x faster than our old interpreter on SunSpider, - V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider, - V8, and Kraken, but appear to get a double-digit improvement on real-world - websites due to a huge reduction in the amount of JIT'ing. - - * CMakeLists.txt: - * GNUmakefile.am: - * GNUmakefile.list.am: - * JavaScriptCore.pri: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * assembler/LinkBuffer.h: - * assembler/MacroAssemblerCodeRef.h: - (MacroAssemblerCodePtr): - (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): - * bytecode/BytecodeConventions.h: Added. - * bytecode/CallLinkStatus.cpp: - (JSC::CallLinkStatus::computeFromLLInt): - (JSC): - (JSC::CallLinkStatus::computeFor): - * bytecode/CallLinkStatus.h: - (JSC::CallLinkStatus::isSet): - (JSC::CallLinkStatus::operator!): - (CallLinkStatus): - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - (JSC::CodeBlock::CodeBlock): - (JSC::CodeBlock::~CodeBlock): - (JSC::CodeBlock::finalizeUnconditionally): - (JSC::CodeBlock::stronglyVisitStrongReferences): - (JSC): - (JSC::CodeBlock::unlinkCalls): - (JSC::CodeBlock::unlinkIncomingCalls): - (JSC::CodeBlock::bytecodeOffset): - (JSC::ProgramCodeBlock::jettison): - (JSC::EvalCodeBlock::jettison): - (JSC::FunctionCodeBlock::jettison): - (JSC::ProgramCodeBlock::jitCompileImpl): - (JSC::EvalCodeBlock::jitCompileImpl): - (JSC::FunctionCodeBlock::jitCompileImpl): - * bytecode/CodeBlock.h: - (JSC): - (CodeBlock): - (JSC::CodeBlock::baselineVersion): - (JSC::CodeBlock::linkIncomingCall): - (JSC::CodeBlock::bytecodeOffset): - (JSC::CodeBlock::jitCompile): - (JSC::CodeBlock::hasOptimizedReplacement): - (JSC::CodeBlock::addPropertyAccessInstruction): - (JSC::CodeBlock::addGlobalResolveInstruction): - (JSC::CodeBlock::addLLIntCallLinkInfo): - (JSC::CodeBlock::addGlobalResolveInfo): - (JSC::CodeBlock::numberOfMethodCallLinkInfos): - (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset): - (JSC::CodeBlock::likelyToTakeSlowCase): - (JSC::CodeBlock::couldTakeSlowCase): - (JSC::CodeBlock::likelyToTakeSpecialFastCase): - (JSC::CodeBlock::likelyToTakeDeepestSlowCase): - (JSC::CodeBlock::likelyToTakeAnySlowCase): - (JSC::CodeBlock::addFrequentExitSite): - (JSC::CodeBlock::dontJITAnytimeSoon): - (JSC::CodeBlock::jitAfterWarmUp): - (JSC::CodeBlock::jitSoon): - (JSC::CodeBlock::llintExecuteCounter): - (ProgramCodeBlock): - (EvalCodeBlock): - (FunctionCodeBlock): - * bytecode/GetByIdStatus.cpp: - (JSC::GetByIdStatus::computeFromLLInt): - (JSC): - (JSC::GetByIdStatus::computeFor): - * bytecode/GetByIdStatus.h: - (JSC::GetByIdStatus::GetByIdStatus): - (JSC::GetByIdStatus::wasSeenInJIT): - (GetByIdStatus): - * bytecode/Instruction.h: - (JSC): - (JSC::Instruction::Instruction): - (Instruction): - * bytecode/LLIntCallLinkInfo.h: Added. - (JSC): - (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo): - (LLIntCallLinkInfo): - (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo): - (JSC::LLIntCallLinkInfo::isLinked): - (JSC::LLIntCallLinkInfo::unlink): - * bytecode/MethodCallLinkStatus.cpp: - (JSC::MethodCallLinkStatus::computeFor): - * bytecode/Opcode.cpp: - (JSC): - * bytecode/Opcode.h: - (JSC): - (JSC::padOpcodeName): - * bytecode/PutByIdStatus.cpp: - (JSC::PutByIdStatus::computeFromLLInt): - (JSC): - (JSC::PutByIdStatus::computeFor): - * bytecode/PutByIdStatus.h: - (PutByIdStatus): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitResolve): - (JSC::BytecodeGenerator::emitResolveWithBase): - (JSC::BytecodeGenerator::emitGetById): - (JSC::BytecodeGenerator::emitPutById): - (JSC::BytecodeGenerator::emitDirectPutById): - (JSC::BytecodeGenerator::emitCall): - (JSC::BytecodeGenerator::emitConstruct): - (JSC::BytecodeGenerator::emitCatch): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCapabilities.h: - (JSC::DFG::canCompileOpcode): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGOperations.cpp: - * heap/Heap.h: - (JSC): - (JSC::Heap::firstAllocatorWithoutDestructors): - (Heap): - * heap/MarkStack.cpp: - (JSC::visitChildren): - * heap/MarkedAllocator.h: - (JSC): - (MarkedAllocator): - * heap/MarkedSpace.h: - (JSC): - (MarkedSpace): - (JSC::MarkedSpace::firstAllocator): - * interpreter/CallFrame.cpp: - (JSC): - (JSC::CallFrame::bytecodeOffsetForNonDFGCode): - (JSC::CallFrame::setBytecodeOffsetForNonDFGCode): - (JSC::CallFrame::currentVPC): - (JSC::CallFrame::setCurrentVPC): - (JSC::CallFrame::trueCallerFrame): - * interpreter/CallFrame.h: - (JSC::ExecState::hasReturnPC): - (JSC::ExecState::clearReturnPC): - (ExecState): - (JSC::ExecState::bytecodeOffsetForNonDFGCode): - (JSC::ExecState::currentVPC): - (JSC::ExecState::setCurrentVPC): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::Interpreter): - (JSC::Interpreter::~Interpreter): - (JSC): - (JSC::Interpreter::initialize): - (JSC::Interpreter::isOpcode): - (JSC::Interpreter::unwindCallFrame): - (JSC::getCallerInfo): - (JSC::Interpreter::privateExecute): - (JSC::Interpreter::retrieveLastCaller): - * interpreter/Interpreter.h: - (JSC): - (Interpreter): - (JSC::Interpreter::getOpcode): - (JSC::Interpreter::getOpcodeID): - (JSC::Interpreter::classicEnabled): - * interpreter/RegisterFile.h: - (JSC): - (RegisterFile): - * jit/ExecutableAllocator.h: - (JSC): - * jit/HostCallReturnValue.cpp: Added. - (JSC): - (JSC::getHostCallReturnValueWithExecState): - * jit/HostCallReturnValue.h: Added. - (JSC): - (JSC::initializeHostCallReturnValue): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompileSlowCases): - (JSC::JIT::privateCompile): - * jit/JITCode.h: - (JSC::JITCode::isOptimizingJIT): - (JITCode): - (JSC::JITCode::isBaselineCode): - (JSC::JITCode::JITCode): - * jit/JITDriver.h: - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - * jit/JITExceptions.cpp: - (JSC::jitThrow): - * jit/JITInlineMethods.h: - (JSC::JIT::updateTopCallFrame): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - (JSC): - * jit/JITStubs.h: - (JSC): - * jit/JSInterfaceJIT.h: - * llint: Added. - * llint/LLIntCommon.h: Added. - * llint/LLIntData.cpp: Added. - (LLInt): - (JSC::LLInt::Data::Data): - (JSC::LLInt::Data::performAssertions): - (JSC::LLInt::Data::~Data): - * llint/LLIntData.h: Added. - (JSC): - (LLInt): - (Data): - (JSC::LLInt::Data::exceptionInstructions): - (JSC::LLInt::Data::opcodeMap): - (JSC::LLInt::Data::performAssertions): - * llint/LLIntEntrypoints.cpp: Added. - (LLInt): - (JSC::LLInt::getFunctionEntrypoint): - (JSC::LLInt::getEvalEntrypoint): - (JSC::LLInt::getProgramEntrypoint): - * llint/LLIntEntrypoints.h: Added. - (JSC): - (LLInt): - (JSC::LLInt::getEntrypoint): - * llint/LLIntExceptions.cpp: Added. - (LLInt): - (JSC::LLInt::interpreterThrowInCaller): - (JSC::LLInt::returnToThrowForThrownException): - (JSC::LLInt::returnToThrow): - (JSC::LLInt::callToThrow): - * llint/LLIntExceptions.h: Added. - (JSC): - (LLInt): - * llint/LLIntOfflineAsmConfig.h: Added. - * llint/LLIntOffsetsExtractor.cpp: Added. - (JSC): - (LLIntOffsetsExtractor): - (JSC::LLIntOffsetsExtractor::dummy): - (main): - * llint/LLIntSlowPaths.cpp: Added. - (LLInt): - (JSC::LLInt::llint_trace_operand): - (JSC::LLInt::llint_trace_value): - (JSC::LLInt::LLINT_SLOW_PATH_DECL): - (JSC::LLInt::traceFunctionPrologue): - (JSC::LLInt::shouldJIT): - (JSC::LLInt::entryOSR): - (JSC::LLInt::resolveGlobal): - (JSC::LLInt::getByVal): - (JSC::LLInt::handleHostCall): - (JSC::LLInt::setUpCall): - (JSC::LLInt::genericCall): - * llint/LLIntSlowPaths.h: Added. - (JSC): - (LLInt): - * llint/LLIntThunks.cpp: Added. - (LLInt): - (JSC::LLInt::generateThunkWithJumpTo): - (JSC::LLInt::functionForCallEntryThunkGenerator): - (JSC::LLInt::functionForConstructEntryThunkGenerator): - (JSC::LLInt::functionForCallArityCheckThunkGenerator): - (JSC::LLInt::functionForConstructArityCheckThunkGenerator): - (JSC::LLInt::evalEntryThunkGenerator): - (JSC::LLInt::programEntryThunkGenerator): - * llint/LLIntThunks.h: Added. - (JSC): - (LLInt): - * llint/LowLevelInterpreter.asm: Added. - * llint/LowLevelInterpreter.cpp: Added. - * llint/LowLevelInterpreter.h: Added. - * offlineasm: Added. - * offlineasm/armv7.rb: Added. - * offlineasm/asm.rb: Added. - * offlineasm/ast.rb: Added. - * offlineasm/backends.rb: Added. - * offlineasm/generate_offset_extractor.rb: Added. - * offlineasm/instructions.rb: Added. - * offlineasm/offset_extractor_constants.rb: Added. - * offlineasm/offsets.rb: Added. - * offlineasm/opt.rb: Added. - * offlineasm/parser.rb: Added. - * offlineasm/registers.rb: Added. - * offlineasm/self_hash.rb: Added. - * offlineasm/settings.rb: Added. - * offlineasm/transform.rb: Added. - * offlineasm/x86.rb: Added. - * runtime/CodeSpecializationKind.h: Added. - (JSC): - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::arityCheckFor): - (CommonSlowPaths): - * runtime/Executable.cpp: - (JSC::jettisonCodeBlock): - (JSC): - (JSC::EvalExecutable::jitCompile): - (JSC::samplingDescription): - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::jitCompile): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::baselineCodeBlockFor): - (JSC::FunctionExecutable::jitCompileForCall): - (JSC::FunctionExecutable::jitCompileForConstruct): - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - * runtime/Executable.h: - (JSC): - (EvalExecutable): - (ProgramExecutable): - (FunctionExecutable): - (JSC::FunctionExecutable::jitCompileFor): - * runtime/ExecutionHarness.h: Added. - (JSC): - (JSC::prepareForExecution): - (JSC::prepareFunctionForExecution): - * runtime/JSArray.h: - (JSC): - (JSArray): - * runtime/JSCell.h: - (JSC): - (JSCell): - * runtime/JSFunction.h: - (JSC): - (JSFunction): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - (JSC): - (JSGlobalData): - * runtime/JSGlobalObject.h: - (JSC): - (JSGlobalObject): - * runtime/JSObject.h: - (JSC): - (JSObject): - (JSFinalObject): - * runtime/JSPropertyNameIterator.h: - (JSC): - (JSPropertyNameIterator): - * runtime/JSString.h: - (JSC): - (JSString): - * runtime/JSTypeInfo.h: - (JSC): - (TypeInfo): - * runtime/JSValue.cpp: - (JSC::JSValue::description): - * runtime/JSValue.h: - (LLInt): - (JSValue): - * runtime/JSVariableObject.h: - (JSC): - (JSVariableObject): - * runtime/Options.cpp: - (Options): - (JSC::Options::initializeOptions): - * runtime/Options.h: - (Options): - * runtime/ScopeChain.h: - (JSC): - (ScopeChainNode): - * runtime/Structure.cpp: - (JSC::Structure::addPropertyTransition): - * runtime/Structure.h: - (JSC): - (Structure): - * runtime/StructureChain.h: - (JSC): - (StructureChain): - * wtf/InlineASM.h: - * wtf/Platform.h: - * wtf/SentinelLinkedList.h: - (SentinelLinkedList): - (WTF::SentinelLinkedList::isEmpty): - * wtf/text/StringImpl.h: - (JSC): - (StringImpl): - -2012-02-20 Filip Pizlo - - Unreviewed, rolling out http://trac.webkit.org/changeset/108291 - It completely broke the 32-bit JIT. - - * heap/CopiedAllocator.h: - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/Heap.h: - (JSC::Heap::allocatorForObjectWithDestructor): - * jit/JIT.cpp: - (JSC::JIT::privateCompileSlowCases): - * jit/JIT.h: - (JIT): - * jit/JITInlineMethods.h: - (JSC): - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_new_array): - * runtime/JSArray.cpp: - (JSC::storageSize): - (JSC): - * runtime/JSArray.h: - (ArrayStorage): - (JSArray): - -2012-02-20 Gavin Barraclough - - [[Put]] should throw if prototype chain contains a readonly property. - https://bugs.webkit.org/show_bug.cgi?id=79069 - - Reviewed by Oliver Hunt. - - Currently we only check the base of the put, not the prototype chain. - Fold this check in with the test for accessors. - - * runtime/JSObject.cpp: - (JSC::JSObject::put): - - Updated to test all objects in the propotype chain for readonly properties. - (JSC::JSObject::putDirectAccessor): - (JSC::putDescriptor): - - Record the presence of readonly properties on the structure. - * runtime/Structure.cpp: - (JSC::Structure::Structure): - - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto. - * runtime/Structure.h: - (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto): - (JSC::Structure::setHasGetterSetterProperties): - - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto. - (JSC::Structure::setContainsReadOnlyProperties): - - Added. - -2012-02-20 Mark Hahnenberg - - Implement fast path for op_new_array in the baseline JIT - https://bugs.webkit.org/show_bug.cgi?id=78612 - - Reviewed by Filip Pizlo. - - * heap/CopiedAllocator.h: - (CopiedAllocator): Friended the JIT to allow access to m_currentOffset. - * heap/CopiedSpace.h: - (CopiedSpace): Friended the JIT to allow access to - (JSC::CopiedSpace::allocator): - * heap/Heap.h: - (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT - can use it for simple allocation i.e. when we can just bump the offset without having to - do anything else. - * jit/JIT.cpp: - (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when - we have to bail out because the fast allocation path fails for whatever reason. - * jit/JIT.h: - (JIT): - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to - allocate generic backing stores. This function is used by emitAllocateJSArray. - (JSC): - (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to - more easily allocate JSArrays. This function is used by emit_op_new_array and I expect - it will also be used for emit_op_new_array_buffer. - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does - a stub call for oversize arrays. - (JSC): - (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on - the fast path. - * runtime/JSArray.cpp: - (JSC): - * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to - initialize in the JIT. - (ArrayStorage): - (JSC::ArrayStorage::lengthOffset): - (JSC::ArrayStorage::numValuesInVectorOffset): - (JSC::ArrayStorage::allocBaseOffset): - (JSC::ArrayStorage::vectorOffset): - (JSArray): - (JSC::JSArray::sparseValueMapOffset): - (JSC::JSArray::subclassDataOffset): - (JSC::JSArray::indexBiasOffset): - (JSC): - (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file - to being a static function in the JSArray class. This move allows the JIT to call it to - see what size it should allocate. - -2012-02-20 Gavin Barraclough - - DefineOwnProperty fails with numeric properties & Object.prototype - https://bugs.webkit.org/show_bug.cgi?id=79059 - - Reviewed by Oliver Hunt. - - ObjectPrototype caches whether it contains any numeric properties (m_hasNoPropertiesWithUInt32Names), - calls to defineOwnProperty need to update this cache. - - * runtime/ObjectPrototype.cpp: - (JSC::ObjectPrototype::put): - (JSC::ObjectPrototype::defineOwnProperty): - (JSC): - (JSC::ObjectPrototype::getOwnPropertySlotByIndex): - * runtime/ObjectPrototype.h: - (ObjectPrototype): - -2012-02-20 Pino Toscano - - Does not build on GNU Hurd - https://bugs.webkit.org/show_bug.cgi?id=79045 - - Reviewed by Gustavo Noronha Silva. - - * wtf/Platform.h: define WTF_OS_HURD. - * wtf/ThreadIdentifierDataPthreads.cpp: adds a band-aid fix - for the lack of PTHREAD_KEYS_MAX definition, with a value which - should not cause issues. - -2012-02-20 Gavin Barraclough - - Unreviewed windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-20 Mark Hahnenberg - - Undoing accidental changes - - * heap/Heap.cpp: - (JSC::Heap::collectAllGarbage): - -2012-02-20 Mark Hahnenberg - - Factor out allocation in CopySpace into a separate CopyAllocator - https://bugs.webkit.org/show_bug.cgi?id=78610 - - Reviewed by Oliver Hunt. - - Added a new CopyAllocator class, which allows us to do allocations without - having to load the current offset and store the current offset in the current - block. This change will allow us to easily do inline assembly in the JIT for - array allocations. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * heap/CopiedAllocator.h: Added. - (JSC): - (CopiedAllocator): - (JSC::CopiedAllocator::currentBlock): - (JSC::CopiedAllocator::CopiedAllocator): - (JSC::CopiedAllocator::allocate): - (JSC::CopiedAllocator::fitsInCurrentBlock): - (JSC::CopiedAllocator::wasLastAllocation): - (JSC::CopiedAllocator::startedCopying): - (JSC::CopiedAllocator::resetCurrentBlock): - (JSC::CopiedAllocator::currentUtilization): - (JSC::CopiedAllocator::resetLastAllocation): - * heap/CopiedBlock.h: - (CopiedBlock): - * heap/CopiedSpace.cpp: Moved some stuff from CopiedSpaceInlineMethods to here because we - weren't really getting any benefits from having such big functions in a header file. - (JSC::CopiedSpace::CopiedSpace): - (JSC): - (JSC::CopiedSpace::init): - (JSC::CopiedSpace::tryAllocateSlowCase): - (JSC::CopiedSpace::tryAllocateOversize): - (JSC::CopiedSpace::tryReallocate): - (JSC::CopiedSpace::tryReallocateOversize): - (JSC::CopiedSpace::doneFillingBlock): - (JSC::CopiedSpace::doneCopying): - (JSC::CopiedSpace::getFreshBlock): - * heap/CopiedSpace.h: - (CopiedSpace): - * heap/CopiedSpaceInlineMethods.h: - (JSC): - (JSC::CopiedSpace::startedCopying): - (JSC::CopiedSpace::addNewBlock): - (JSC::CopiedSpace::allocateNewBlock): - (JSC::CopiedSpace::fitsInBlock): - (JSC::CopiedSpace::tryAllocate): - (JSC::CopiedSpace::allocateFromBlock): - * heap/Heap.cpp: - (JSC::Heap::collectAllGarbage): - * heap/HeapBlock.h: - (HeapBlock): - -2012-02-20 Patrick Gansterer - - Fix Visual Studio 2010 build. - - * bytecompiler/NodesCodegen.cpp: - (JSC::PropertyListNode::emitBytecode): - -2012-02-16 Gavin Barraclough - - Move special __proto__ property to Object.prototype - https://bugs.webkit.org/show_bug.cgi?id=78409 - - Reviewed by Oliver Hunt. - - Re-implement this as a regular accessor property. This has three key benefits: - 1) It makes it possible for objects to be given properties named __proto__. - 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed. - 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property. - - * parser/Parser.cpp: - (JSC::::parseFunctionInfo): - - No need to prohibit functions named __proto__. - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::reset): - - Add __proto__ accessor to Object.prototype. - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::globalFuncProtoGetter): - (JSC::globalFuncProtoSetter): - - Definition of the __proto__ accessor functions. - * runtime/JSGlobalObjectFunctions.h: - - Declaration of the __proto__ accessor functions. - * runtime/JSObject.cpp: - (JSC::JSObject::put): - - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__. - (JSC::JSObject::putDirectAccessor): - - Track on the structure whether an object contains accessors other than one for __proto__. - (JSC::JSObject::defineOwnProperty): - - No need to prohibit definition of own properties named __proto__. - * runtime/JSObject.h: - (JSC::JSObject::inlineGetOwnPropertySlot): - - Remove the special handling for __proto__. - (JSC::JSValue::get): - - Remove the special handling for __proto__. - * runtime/JSString.cpp: - (JSC::JSString::getOwnPropertySlot): - - Remove the special handling for __proto__. - * runtime/JSValue.h: - (JSValue): - - Made synthesizePrototype public (this may be needed by the __proto__ getter). - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorGetPrototypeOf): - - Perform the security check & call prototype() directly. - * runtime/Structure.cpp: - (JSC::Structure::Structure): - - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. - * runtime/Structure.h: - (JSC::Structure::hasGetterSetterPropertiesExcludingProto): - (JSC::Structure::setHasGetterSetterProperties): - (Structure): - - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. - -2012-02-20 Michael Saboff - - Update toLower and toUpper tests for Unicode 6.1 changes - https://bugs.webkit.org/show_bug.cgi?id=78923 - - Reviewed by Oliver Hunt. - - * tests/mozilla/ecma/String/15.5.4.11-2.js: Updated the test - to handle a third set of results for updated Unicode 6.1 - changes. - (getTestCases): - (TestCaseMultiExpected): - (writeTestCaseResultMultiExpected): - (getTestCaseResultMultiExpected): - (test): - (GetUnicodeValues): - (DecimalToHexString): - -2012-02-20 Andy Wingo - - Remove unused features from CodeFeatures - https://bugs.webkit.org/show_bug.cgi?id=78804 - - Reviewed by Gavin Barraclough. - - * parser/Nodes.h: - * parser/ASTBuilder.h: - (JSC::ClosureFeature): - (JSC::ASTBuilder::createFunctionBody): - (JSC::ASTBuilder::usesClosures): - Remove "ClosureFeature". Since we track captured variables more - precisely, this bit doesn't do us any good. - - (JSC::AssignFeature): - (JSC::ASTBuilder::makeAssignNode): - (JSC::ASTBuilder::makePrefixNode): - (JSC::ASTBuilder::makePostfixNode): - (JSC::ASTBuilder::usesAssignment): - Similarly, remove AssignFeature. It is unused. - -2012-02-19 Carlos Garcia Campos - - Unreviewed. Fix make distcheck issues. - - * GNUmakefile.list.am: Add missing files. - -2012-02-18 Sam Weinig - - Fix style issues in DFG Phase classes - https://bugs.webkit.org/show_bug.cgi?id=78983 - - Reviewed by Ryosuke Niwa. - - * dfg/DFGArithNodeFlagsInferencePhase.cpp: - * dfg/DFGCFAPhase.cpp: - * dfg/DFGCSEPhase.cpp: - * dfg/DFGPredictionPropagationPhase.cpp: - * dfg/DFGVirtualRegisterAllocationPhase.cpp: - Add a space before the colon in class declarations. - -2012-02-18 Filip Pizlo - - Attempt to fix Windows build. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-18 Sam Weinig - - Fix the libc++ build. - - Reviewed by Anders Carlsson. - - * heap/Weak.h: - Libc++'s nullptr emulation does not allow default construction - of the nullptr_t type. Work around this with the arguably clearer - just returning nullptr. - -2012-02-18 Filip Pizlo - - DFGPropagator.cpp has too many things - https://bugs.webkit.org/show_bug.cgi?id=78956 - - Reviewed by Oliver Hunt. - - Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its - various things and put them into separate files. These new phases follow - the naming convention "DFGPhase" where is a noun. They are - called via functions of the form "perform". - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added. - (DFG): - (JSC::DFG::performArithNodeFlagsInference): - * dfg/DFGArithNodeFlagsInferencePhase.h: Added. - (DFG): - * dfg/DFGCFAPhase.cpp: Added. - (DFG): - (JSC::DFG::performCFA): - * dfg/DFGCFAPhase.h: Added. - (DFG): - * dfg/DFGCSEPhase.cpp: Added. - (DFG): - (JSC::DFG::performCSE): - * dfg/DFGCSEPhase.h: Added. - (DFG): - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGPhase.cpp: Added. - (DFG): - (JSC::DFG::Phase::beginPhase): - (JSC::DFG::Phase::endPhase): - * dfg/DFGPhase.h: Added. - (DFG): - (Phase): - (JSC::DFG::Phase::Phase): - (JSC::DFG::Phase::~Phase): - (JSC::DFG::Phase::globalData): - (JSC::DFG::Phase::codeBlock): - (JSC::DFG::Phase::profiledBlock): - (JSC::DFG::Phase::beginPhase): - (JSC::DFG::Phase::endPhase): - (JSC::DFG::runPhase): - * dfg/DFGPredictionPropagationPhase.cpp: Added. - (DFG): - (JSC::DFG::performPredictionPropagation): - * dfg/DFGPredictionPropagationPhase.h: Added. - (DFG): - * dfg/DFGPropagator.cpp: Removed. - * dfg/DFGPropagator.h: Removed. - * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added. - (DFG): - (JSC::DFG::performVirtualRegisterAllocation): - * dfg/DFGVirtualRegisterAllocationPhase.h: Added. - (DFG): - -2012-02-17 Filip Pizlo - - DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and - the CodeBlock that was used for profiling - https://bugs.webkit.org/show_bug.cgi?id=78954 - - Reviewed by Gavin Barraclough. - - * bytecode/CodeBlock.h: - (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): - (JSC): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::AbstractState): - (JSC::DFG::AbstractState::execute): - * dfg/DFGAbstractState.h: - * dfg/DFGAssemblyHelpers.h: - (AssemblyHelpers): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::ByteCodeParser): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::parse): - * dfg/DFGByteCodeParser.h: - (DFG): - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - (JSC::DFG::Graph::predictArgumentTypes): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::Graph): - (Graph): - (JSC::DFG::Graph::getJSConstantPrediction): - (JSC::DFG::Graph::addShouldSpeculateInteger): - (JSC::DFG::Graph::isInt32Constant): - (JSC::DFG::Graph::isDoubleConstant): - (JSC::DFG::Graph::isNumberConstant): - (JSC::DFG::Graph::isBooleanConstant): - (JSC::DFG::Graph::isFunctionConstant): - (JSC::DFG::Graph::valueOfJSConstant): - (JSC::DFG::Graph::valueOfInt32Constant): - (JSC::DFG::Graph::valueOfNumberConstant): - (JSC::DFG::Graph::valueOfBooleanConstant): - (JSC::DFG::Graph::valueOfFunctionConstant): - (JSC::DFG::Graph::baselineCodeBlockFor): - (JSC::DFG::Graph::valueProfileFor): - (JSC::DFG::Graph::addImmediateShouldSpeculateInteger): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::JITCompiler): - (JITCompiler): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::Propagator): - (JSC::DFG::Propagator::isNotNegZero): - (JSC::DFG::Propagator::isNotZero): - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::doRoundOfDoubleVoting): - (JSC::DFG::Propagator::globalCFA): - (JSC::DFG::propagate): - * dfg/DFGPropagator.h: - (DFG): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - (JSC::DFG::SpeculativeJIT::compileAdd): - (JSC::DFG::SpeculativeJIT::compileArithSub): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::isConstant): - (JSC::DFG::SpeculativeJIT::isJSConstant): - (JSC::DFG::SpeculativeJIT::isInt32Constant): - (JSC::DFG::SpeculativeJIT::isDoubleConstant): - (JSC::DFG::SpeculativeJIT::isNumberConstant): - (JSC::DFG::SpeculativeJIT::isBooleanConstant): - (JSC::DFG::SpeculativeJIT::isFunctionConstant): - (JSC::DFG::SpeculativeJIT::valueOfInt32Constant): - (JSC::DFG::SpeculativeJIT::valueOfNumberConstant): - (JSC::DFG::SpeculativeJIT::valueOfJSConstant): - (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant): - (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant): - (JSC::DFG::SpeculativeJIT::speculationCheck): - (JSC::DFG::SpeculativeJIT::SpeculativeJIT): - -2012-02-17 Ahmad Sharif - - There is a warning in memset in glibc that gets triggered through a - warndecl when the fill-value of memset is a non-zero constant and the - size is zero. This warning is enabled when building with - -D_FORTIFY_SOURCE=2. This patch fixes the warning. - - https://bugs.webkit.org/show_bug.cgi?id=78513 - - Reviewed by Alexey Proskuryakov - - * wtf/Vector.h: - -2012-02-17 Kalev Lember - - Remove unused parameters from WTF threading API - https://bugs.webkit.org/show_bug.cgi?id=78389 - - Reviewed by Adam Roben. - - waitForThreadCompletion() had an out param 'void **result' to get the - 'void *' returned by ThreadFunction. However, the implementation in - ThreadingWin.cpp ignored the out param, not filling it in. This had - led to a situation where none of the client code made use of the param - and just ignored it. - - To clean this up, the patch changes the signature of ThreadFunction to - return void instead of void* and drops the the unused 'void **result' - parameter from waitForThreadCompletion. Also, all client code is - updated for the API change. - - As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389 , even - though the change only affects internal API, Safari is using it - directly and we'll need to keep the old versions around for ABI - compatibility. For this, the patch adds compatibility wrappers with - the old ABI. - - * JavaScriptCore.order: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * bytecode/SamplingTool.cpp: - (JSC::SamplingThread::threadStartFunc): - (JSC::SamplingThread::stop): - * bytecode/SamplingTool.h: - (SamplingThread): - * heap/Heap.cpp: - (JSC::Heap::~Heap): - (JSC::Heap::blockFreeingThreadStartFunc): - * heap/Heap.h: - * heap/MarkStack.cpp: - (JSC::MarkStackThreadSharedData::markingThreadStartFunc): - (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData): - * heap/MarkStack.h: - (MarkStackThreadSharedData): - * wtf/ParallelJobsGeneric.cpp: - (WTF::ParallelEnvironment::ThreadPrivate::workerThread): - * wtf/ParallelJobsGeneric.h: - (ThreadPrivate): - * wtf/ThreadFunctionInvocation.h: Update the signature of - ThreadFunction. - (WTF): - * wtf/Threading.cpp: - (WTF::threadEntryPoint): Update for ThreadFunction signature change. - (WTF): - (WTF::ThreadFunctionWithReturnValueInvocation::ThreadFunctionWithReturnValueInvocation): - ABI compatibility function for Safari. - (ThreadFunctionWithReturnValueInvocation): Ditto. - (WTF::compatEntryPoint): Ditto. - (WTF::createThread): Ditto. - (WTF::waitForThreadCompletion): Ditto. - * wtf/Threading.h: Update the signature of ThreadFunction and - waitForThreadCompletion. - (WTF): - * wtf/ThreadingPthreads.cpp: Implement the new API. - (WTF::wtfThreadEntryPoint): - (WTF): - (WTF::createThreadInternal): - (WTF::waitForThreadCompletion): - * wtf/ThreadingWin.cpp: Implement the new API. - (WTF::wtfThreadEntryPoint): - (WTF::waitForThreadCompletion): - -2012-02-16 Oliver Hunt - - Implement Error.stack - https://bugs.webkit.org/show_bug.cgi?id=66994 - - Reviewed by Gavin Barraclough. - - Implement support for stack traces on exception objects. This is a rewrite - of the core portion of the last stack walking logic, but the mechanical work - of adding the information to an exception comes from the original work by - Juan Carlos Montemayor Elosua. - - * interpreter/Interpreter.cpp: - (JSC::getCallerInfo): - (JSC): - (JSC::getSourceURLFromCallFrame): - (JSC::getStackFrameCodeType): - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::throwException): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC): - (StackFrame): - (JSC::StackFrame::toString): - (Interpreter): - * jsc.cpp: - (GlobalObject::finishCreation): - (functionJSCStack): - * parser/Nodes.h: - (JSC::FunctionBodyNode::setInferredName): - * parser/Parser.h: - (JSC::::parse): - * runtime/CommonIdentifiers.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/Error.h: - (JSC): - -2012-02-17 Mark Hahnenberg - - Rename Bump* to Copy* - https://bugs.webkit.org/show_bug.cgi?id=78573 - - Reviewed by Geoffrey Garen. - - Renamed anything with "Bump" in the name to have "Copied" instead. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * heap/BumpBlock.h: Removed. - * heap/BumpSpace.cpp: Removed. - * heap/BumpSpace.h: Removed. - * heap/BumpSpaceInlineMethods.h: Removed. - * heap/ConservativeRoots.cpp: - (JSC::ConservativeRoots::ConservativeRoots): - (JSC::ConservativeRoots::genericAddPointer): - * heap/ConservativeRoots.h: - (ConservativeRoots): - * heap/CopiedBlock.h: Added. - (JSC): - (CopiedBlock): - (JSC::CopiedBlock::CopiedBlock): - * heap/CopiedSpace.cpp: Added. - (JSC): - (JSC::CopiedSpace::tryAllocateSlowCase): - * heap/CopiedSpace.h: Added. - (JSC): - (CopiedSpace): - (JSC::CopiedSpace::isInCopyPhase): - (JSC::CopiedSpace::totalMemoryAllocated): - (JSC::CopiedSpace::totalMemoryUtilized): - * heap/CopiedSpaceInlineMethods.h: Added. - (JSC): - (JSC::CopiedSpace::CopiedSpace): - (JSC::CopiedSpace::init): - (JSC::CopiedSpace::contains): - (JSC::CopiedSpace::pin): - (JSC::CopiedSpace::startedCopying): - (JSC::CopiedSpace::doneCopying): - (JSC::CopiedSpace::doneFillingBlock): - (JSC::CopiedSpace::recycleBlock): - (JSC::CopiedSpace::getFreshBlock): - (JSC::CopiedSpace::borrowBlock): - (JSC::CopiedSpace::addNewBlock): - (JSC::CopiedSpace::allocateNewBlock): - (JSC::CopiedSpace::fitsInBlock): - (JSC::CopiedSpace::fitsInCurrentBlock): - (JSC::CopiedSpace::tryAllocate): - (JSC::CopiedSpace::tryAllocateOversize): - (JSC::CopiedSpace::allocateFromBlock): - (JSC::CopiedSpace::tryReallocate): - (JSC::CopiedSpace::tryReallocateOversize): - (JSC::CopiedSpace::isOversize): - (JSC::CopiedSpace::isPinned): - (JSC::CopiedSpace::oversizeBlockFor): - (JSC::CopiedSpace::blockFor): - * heap/Heap.cpp: - * heap/Heap.h: - (JSC): - (Heap): - * heap/MarkStack.cpp: - (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): - (JSC::SlotVisitor::drainFromShared): - (JSC::SlotVisitor::startCopying): - (JSC::SlotVisitor::allocateNewSpace): - (JSC::SlotVisitor::doneCopying): - * heap/MarkStack.h: - (MarkStackThreadSharedData): - * heap/SlotVisitor.h: - (SlotVisitor): - * runtime/JSArray.cpp: - * runtime/JSObject.cpp: - -2012-02-16 Yuqiang Xian - - Add JSC code profiling support on Linux x86 - https://bugs.webkit.org/show_bug.cgi?id=78871 - - Reviewed by Gavin Barraclough. - - We don't unwind the stack for now as we cannot guarantee all the - libraries are compiled without -fomit-frame-pointer. - - * tools/CodeProfile.cpp: - (JSC::CodeProfile::sample): - * tools/CodeProfiling.cpp: - (JSC): - (JSC::profilingTimer): - (JSC::CodeProfiling::begin): - (JSC::CodeProfiling::end): - -2012-02-16 Csaba Osztrogonác - - Unreviewed. Rolling out r107980, because it broke 32 bit platforms. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC): - (Interpreter): - * jsc.cpp: - (GlobalObject::finishCreation): - * parser/Nodes.h: - (JSC::FunctionBodyNode::setInferredName): - * parser/Parser.h: - (JSC::::parse): - * runtime/CommonIdentifiers.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/Error.h: - (JSC): - -2012-02-16 Filip Pizlo - - ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER - https://bugs.webkit.org/show_bug.cgi?id=78791 - - Rubber stamped by Oliver Hunt. - - Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to - COMPUTED_GOTO_CLASSIC_INTERPRETER. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - (JSC::CodeBlock::stronglyVisitStrongReferences): - (JSC): - (JSC::CodeBlock::shrinkToFit): - * bytecode/CodeBlock.h: - (CodeBlock): - * bytecode/Instruction.h: - (JSC::Instruction::Instruction): - * bytecode/Opcode.h: - (JSC::padOpcodeName): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitResolve): - (JSC::BytecodeGenerator::emitResolveWithBase): - (JSC::BytecodeGenerator::emitGetById): - (JSC::BytecodeGenerator::emitPutById): - (JSC::BytecodeGenerator::emitDirectPutById): - * interpreter/AbstractPC.cpp: - (JSC::AbstractPC::AbstractPC): - * interpreter/AbstractPC.h: - (AbstractPC): - * interpreter/CallFrame.h: - (ExecState): - * interpreter/Interpreter.cpp: - (JSC): - (JSC::Interpreter::initialize): - (JSC::Interpreter::isOpcode): - (JSC::Interpreter::unwindCallFrame): - (JSC::Interpreter::execute): - (JSC::Interpreter::privateExecute): - (JSC::Interpreter::retrieveLastCaller): - * interpreter/Interpreter.h: - (JSC::Interpreter::getOpcode): - (JSC::Interpreter::getOpcodeID): - (Interpreter): - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): - * runtime/Executable.cpp: - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - * runtime/Executable.h: - (NativeExecutable): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - (JSC::JSGlobalData::getHostFunction): - * runtime/JSGlobalData.h: - (JSGlobalData): - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveAndCommit): - * wtf/Platform.h: - -2012-02-15 Geoffrey Garen - - Made Weak single-owner, adding PassWeak - https://bugs.webkit.org/show_bug.cgi?id=78740 - - Reviewed by Sam Weinig. - - This works basically the same way as OwnPtr and PassOwnPtr. - - This clarifies the semantics of finalizers: It's ambiguous and probably - a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor - twice), so I've made Weak non-copyable. Anywhere we used to copy a - Weak, we now use PassWeak. - - This also makes Weak HashMaps more efficient. - - * API/JSClassRef.cpp: - (OpaqueJSClass::prototype): Use PassWeak instead of set(), since - set() is gone now. - - * JavaScriptCore.xcodeproj/project.pbxproj: Export! - - * heap/PassWeak.h: Added. - (JSC): - (PassWeak): - (JSC::PassWeak::PassWeak): - (JSC::PassWeak::~PassWeak): - (JSC::PassWeak::get): - (JSC::::leakHandle): - (JSC::adoptWeak): - (JSC::operator==): - (JSC::operator!=): This is the Weak version of PassOwnPtr. - - * heap/Weak.h: - (Weak): - (JSC::Weak::Weak): - (JSC::Weak::release): - (JSC::Weak::hashTableDeletedValue): - (JSC::=): - (JSC): Changed to be non-copyable, removing a lot of copying-related - APIs. Added hash traits so hash maps still work. - - * jit/JITStubs.cpp: - (JSC::JITThunks::hostFunctionStub): - * runtime/RegExpCache.cpp: - (JSC::RegExpCache::lookupOrCreate): Use PassWeak, as required by - our new hash map API. - -2012-02-16 Mark Hahnenberg - - Fix the broken viewport tests - https://bugs.webkit.org/show_bug.cgi?id=78774 - - Reviewed by Kenneth Rohde Christiansen. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/text/WTFString.cpp: - (WTF): - (WTF::toDoubleType): Template-ized to allow other functions to specify whether they - want to allow trailing junk or not when calling strtod. - (WTF::charactersToDouble): - (WTF::charactersToFloat): - (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows - trailing junk. - * wtf/text/WTFString.h: - (WTF): - -2012-02-16 Oliver Hunt - - Implement Error.stack - https://bugs.webkit.org/show_bug.cgi?id=66994 - - Reviewed by Gavin Barraclough. - - Implement support for stack traces on exception objects. This is a rewrite - of the core portion of the last stack walking logic, but the mechanical work - of adding the information to an exception comes from the original work by - Juan Carlos Montemayor Elosua. - - * interpreter/Interpreter.cpp: - (JSC::getCallerInfo): - (JSC): - (JSC::getSourceURLFromCallFrame): - (JSC::getStackFrameCodeType): - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::throwException): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC): - (StackFrame): - (JSC::StackFrame::toString): - (Interpreter): - * jsc.cpp: - (GlobalObject::finishCreation): - (functionJSCStack): - * parser/Nodes.h: - (JSC::FunctionBodyNode::setInferredName): - * parser/Parser.h: - (JSC::::parse): - * runtime/CommonIdentifiers.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/Error.h: - (JSC): - -2012-02-15 Gavin Barraclough - - Numerous trivial bugs in Object.defineProperty - https://bugs.webkit.org/show_bug.cgi?id=78777 - - Reviewed by Sam Weinig. - - There are a handful of really trivial bugs, related to Object.defineProperty: - * Redefining an accessor with different attributes changes the attributes, but not the get/set functions! - * Calling an undefined setter should only throw in strict mode. - * When redefining an accessor to a data decriptor, if writable is not specified we should default to false. - * Any attempt to redefine a non-configurable property of an array as configurable should be rejected. - * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object. - * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail. - * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false'). - * Should be able to redefine an non-writable, non-configurable property, with the same value and attributes. - * Should be able to define an non-configurable accessor. - These are mostly all one-line changes, e.g. inverted boolean checks, masking against wrong attribute. - - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::put): - - Added ASSERT. - - Calling an undefined setter should only throw in strict mode. - (JSC::JSArray::putDescriptor): - - Should be able to define an non-configurable accessor. - (JSC::JSArray::defineOwnNumericProperty): - - Any attempt to redefine a non-configurable property of an array as configurable should be rejected. - (JSC::JSArray::putByIndexBeyondVectorLength): - - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail. - * runtime/JSArray.h: - (JSArray): - - made enterDictionaryMode public, called from JSObject. - * runtime/JSObject.cpp: - (JSC::JSObject::put): - - Calling an undefined setter should only throw in strict mode. - (JSC::JSObject::preventExtensions): - - Put array objects into dictionary mode to handle this! - (JSC::JSObject::defineOwnProperty): - - Should be able to redefine an non-writable, non-configurable property, with the same value and attributes. - - Redefining an accessor with different attributes changes the attributes, but not the get/set functions! - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorDefineProperties): - - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object. - * runtime/PropertyDescriptor.cpp: - (JSC::PropertyDescriptor::attributesWithOverride): - - When redefining an accessor to a data decriptor, if writable is not specified we should default to false. - (JSC::PropertyDescriptor::attributesOverridingCurrent): - - When redefining an accessor to a data decriptor, if writable is not specified we should default to false. - * runtime/Structure.cpp: - (JSC::Structure::freezeTransition): - - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false'). - (JSC::Structure::isFrozen): - - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false'). - -2012-02-13 Filip Pizlo - - DFG should not check the types of arguments that are dead - https://bugs.webkit.org/show_bug.cgi?id=78518 - - Reviewed by Geoff Garen. - - The argument checks are now elided if the corresponding SetArgument is dead, - and the abstract value of the argument is set to bottom (None, []). This is - performance neutral on the benchmarks we currently track. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - -2012-02-15 Oliver Hunt - - Ensure that the DFG JIT always plants a CodeOrigin when making calls - https://bugs.webkit.org/show_bug.cgi?id=78763 - - Reviewed by Gavin Barraclough. - - Make all calls plant a CodeOrigin prior to the actual - call. Also clobbers the Interpreter with logic to ensure - that the interpreter always plants a bytecode offset. - - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGJITCompiler.h: - (CallBeginToken): - (JSC::DFG::JITCompiler::beginJSCall): - (JSC::DFG::JITCompiler::beginCall): - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryBuildGetByIDList): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * interpreter/AbstractPC.cpp: - (JSC::AbstractPC::AbstractPC): - * interpreter/CallFrame.cpp: - (JSC::CallFrame::trueCallFrame): - * interpreter/CallFrame.h: - (JSC::ExecState::bytecodeOffsetForNonDFGCode): - (ExecState): - (JSC::ExecState::setBytecodeOffsetForNonDFGCode): - (JSC::ExecState::codeOriginIndexForDFG): - -2012-02-14 Oliver Hunt - - Fix Interpreter. - - * runtime/Executable.cpp: - (JSC): - * runtime/Executable.h: - (ExecutableBase): - -2012-02-14 Matt Lilek - - Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms - https://bugs.webkit.org/show_bug.cgi?id=78629 - - Reviewed by David Kilzer. - - * Configurations/FeatureDefines.xcconfig: - -2012-02-14 Filip Pizlo - - Unreviewed, build fix for non-DFG platforms. - - * assembler/MacroAssembler.h: - (MacroAssembler): - -2012-02-14 Filip Pizlo - - Unreviewed, fix build and configuration goof. - - * assembler/MacroAssembler.h: - (JSC::MacroAssembler::invert): - * dfg/DFGCommon.h: - -2012-02-13 Filip Pizlo - - DFG should be able to emit code on control flow edges - https://bugs.webkit.org/show_bug.cgi?id=78515 - - Reviewed by Gavin Barraclough. - - This gets us a few steps closer to being able to perform global register allocation, - by allowing us to have landing pads on control flow edges. This will let us reshuffle - registers if it happens to be necessary due to different reg alloc decisions in - differen blocks. - - This also introduces the notion of a landing pad for OSR entry, which will allow us - to emit code that places data into registers when we're entering into the DFG from - the old JIT. - - Finally, this patch introduces a verification mode that checks that the landing pads - are actually emitted and do actually work as advertised. When verification is disabled, - this has no effect on behavior. - - * assembler/MacroAssembler.h: - (MacroAssembler): - (JSC::MacroAssembler::invert): - (JSC::MacroAssembler::isInvertible): - * dfg/DFGCommon.h: - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compile): - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch): - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): - (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::createOSREntries): - (DFG): - (JSC::DFG::SpeculativeJIT::linkOSREntries): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - * dfg/DFGSpeculativeJIT.h: - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::branchDouble): - (JSC::DFG::SpeculativeJIT::branchDoubleNonZero): - (JSC::DFG::SpeculativeJIT::branch32): - (JSC::DFG::SpeculativeJIT::branchTest32): - (JSC::DFG::SpeculativeJIT::branchPtr): - (JSC::DFG::SpeculativeJIT::branchTestPtr): - (JSC::DFG::SpeculativeJIT::branchTest8): - (JSC::DFG::SpeculativeJIT::jump): - (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit): - (JSC::DFG::SpeculativeJIT::emitEdgeCode): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - -2012-02-14 Filip Pizlo - - Assertion failure under JSC::DFG::AbstractState::execute loading economist.com - https://bugs.webkit.org/show_bug.cgi?id=78153 - - - Reviewed by Oliver Hunt. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileAdd): - -2012-02-14 Eric Seidel - - Upstream Android's additions to Platform.h - https://bugs.webkit.org/show_bug.cgi?id=78536 - - Reviewed by Adam Barth. - - * wtf/Platform.h: - -2012-02-12 Mark Hahnenberg - - Replace old strtod with new strtod - https://bugs.webkit.org/show_bug.cgi?id=68044 - - Reviewed by Geoffrey Garen. - - * parser/Lexer.cpp: Added template argument. This version allows junk after numbers. - (JSC::::lex): - * runtime/JSGlobalObjectFunctions.cpp: Ditto. - (JSC::parseInt): - (JSC::jsStrDecimalLiteral): - * runtime/LiteralParser.cpp: Ditto. - (JSC::::Lexer::lexNumber): - * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter. - It takes a template argument to allow clients to determine statically whether it should allow - junk after the numbers or not. - (WTF): - (WTF::strtod): - * wtf/dtoa.h: - (WTF): - * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers. - (WTF::toDoubleType): - -2012-02-13 Mark Hahnenberg - - More windows build fixing - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-13 Oliver Hunt - - Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match - https://bugs.webkit.org/show_bug.cgi?id=76315 - - Reviewed by Gavin Barraclough. - - Perform a 3 byte compare using two comparisons, rather than trying to perform the - operation with a four byte load. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - -2012-02-13 Mark Hahnenberg - - Windows build fix - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-12 Mark Hahnenberg - - Replace old strtod with new strtod - https://bugs.webkit.org/show_bug.cgi?id=68044 - - Reviewed by Geoffrey Garen. - - * parser/Lexer.cpp: Added template argument. This version allows junk after numbers. - (JSC::::lex): - * runtime/JSGlobalObjectFunctions.cpp: Ditto. - (JSC::parseInt): - (JSC::jsStrDecimalLiteral): - * runtime/LiteralParser.cpp: Ditto. - (JSC::::Lexer::lexNumber): - * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter. - It takes a template argument to allow clients to determine statically whether it should allow - junk after the numbers or not. - (WTF): - (WTF::strtod): - * wtf/dtoa.h: - (WTF): - * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers. - (WTF::toDoubleType): - -2012-02-13 Sam Weinig - - Move JSC related assertions out of Assertions.h and into their own header - https://bugs.webkit.org/show_bug.cgi?id=78508 - - Reviewed by Gavin Barraclough. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - Add GCAssertions.h - - * heap/GCAssertions.h: Added. - Move assertions here. - - * runtime/WriteBarrier.h: - Add #include of GCAssertions.h - - * wtf/Assertions.h: - Remove JSC related assertions. - - * wtf/Compiler.h: - Add compiler check for __has_trivial_destructor. - -2012-02-13 Chao-ying Fu - - Update MIPS patchOffsetGetByIdSlowCaseCall - https://bugs.webkit.org/show_bug.cgi?id=78392 - - Reviewed by Gavin Barraclough. - - * jit/JIT.h: - (JIT): - -2012-02-13 Patrick Gansterer - - Remove obsolete #if from ThreadSpecific.h - https://bugs.webkit.org/show_bug.cgi?id=78485 - - Reviewed by Adam Roben. - - Since alle platform use either pthread or Win32 for threading, - we can remove all PLATFORM() preprocessor statements. - - * wtf/ThreadSpecific.h: - (ThreadSpecific): - -2012-02-13 Jessie Berlin - - Fix the Windows build. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-13 Sam Weinig - - Use C11's _Static_assert for COMPILE_ASSERT if it is available - https://bugs.webkit.org/show_bug.cgi?id=78506 - - Rubber-stamped by Antti Koivisto. - - Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly - better error messages. - - * wtf/Assertions.h: - Use _Static_assert if it is available. - - * wtf/Compiler.h: - Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler. - -2012-02-13 Mario Sanchez Prada - - [GTK] Add GSList to the list of GObject types in GOwnPtr - https://bugs.webkit.org/show_bug.cgi?id=78487 - - Reviewed by Philippe Normand. - - Handle the GSList type in GOwnPtr, by calling g_slist_free in the - implementation of the freeOwnedGPtr template function. - - * wtf/gobject/GOwnPtr.cpp: - (WTF::GSList): - (WTF): - * wtf/gobject/GOwnPtr.h: - (WTF): - * wtf/gobject/GTypedefs.h: - -2012-02-06 Raphael Kubo da Costa - - [EFL] Drop support for the Curl network backend. - https://bugs.webkit.org/show_bug.cgi?id=77874 - - Reviewed by Eric Seidel. - - Nobody seems to be maintaining the Curl backend in WebCore, the - EFL port developers all seem to be using the Soup backend and the - port itself has many features which are only implemented for the - latter. - - * wtf/PlatformEfl.cmake: Always build the gobject-dependent source - files. - -2012-02-13 Patrick Gansterer - - Unreviewed. Build fix for !ENABLE(JIT) after r107485. - - * bytecode/PolymorphicPutByIdList.cpp: - -2012-02-13 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=78434 - Unreviewed - temporarily reverting r107498 will I fix a couple of testcases. - - * parser/Parser.cpp: - (JSC::::parseFunctionInfo): - * runtime/ClassInfo.h: - (MethodTable): - (JSC): - * runtime/JSCell.cpp: - (JSC): - * runtime/JSCell.h: - (JSCell): - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::reset): - * runtime/JSGlobalObjectFunctions.cpp: - (JSC): - * runtime/JSGlobalObjectFunctions.h: - (JSC): - * runtime/JSObject.cpp: - (JSC::JSObject::put): - (JSC): - (JSC::JSObject::putDirectAccessor): - (JSC::JSObject::defineOwnProperty): - * runtime/JSObject.h: - (JSC::JSObject::inlineGetOwnPropertySlot): - (JSC::JSValue::get): - * runtime/JSString.cpp: - (JSC::JSString::getOwnPropertySlot): - * runtime/JSValue.h: - (JSValue): - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorGetPrototypeOf): - * runtime/Structure.cpp: - (JSC::Structure::Structure): - * runtime/Structure.h: - (JSC::Structure::setHasGetterSetterProperties): - (Structure): - -2012-02-12 Ashod Nakashian - - KeywordLookupGenerator.py script fails in some cases - https://bugs.webkit.org/show_bug.cgi?id=77886 - - Reviewed by Benjamin Poulain. - - * parser/Keywords.table: Converted to LF-only. - -2012-02-12 Shinya Kawanaka - - Introduce ShadowRootList. - https://bugs.webkit.org/show_bug.cgi?id=78069 - - Reviewed by Hajime Morita. - - DoublyLinkedList should have tail() method to take the last element. - - * wtf/DoublyLinkedList.h: - (DoublyLinkedList): - (WTF::::tail): - (WTF): - -2012-02-12 Raphael Kubo da Costa - - [CMake] Move source files in WTF_HEADERS to WTF_SOURCES. - https://bugs.webkit.org/show_bug.cgi?id=78436 - - Reviewed by Daniel Bates. - - * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES, - and correctly sort the files which start with 'M'. - -2012-02-12 Sam Weinig - - Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj. - - Rubber-stamped by Anders Carlsson. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-02-12 Raphael Kubo da Costa - - [CMake] Remove unused or empty variable definitions. - https://bugs.webkit.org/show_bug.cgi?id=78437 - - Reviewed by Daniel Bates. - - * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition. - * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition. - * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will - be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES). - -2012-02-12 Filip Pizlo - - DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution() - https://bugs.webkit.org/show_bug.cgi?id=78431 - - Reviewed by Gavin Barraclough. - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): - -2012-02-11 Benjamin Poulain - - Add back WTFURL to WebKit - https://bugs.webkit.org/show_bug.cgi?id=77291 - - Reviewed by Adam Barth. - - WTFURL was removed from WebKit in r86787. - - This patch adds the code back to WTF with the following changes: - -Guard the feature with USE(WTFURL). - -Change the typename CHAR to CharacterType to follow recent WebKit conventions. - -Fix some coding style to make check-webkit-style happy. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/Platform.h: - * wtf/url/api/ParsedURL.cpp: Added. - (WTF): - (WTF::ParsedURL::ParsedURL): - (WTF::ParsedURL::scheme): - (WTF::ParsedURL::username): - (WTF::ParsedURL::password): - (WTF::ParsedURL::host): - (WTF::ParsedURL::port): - (WTF::ParsedURL::path): - (WTF::ParsedURL::query): - (WTF::ParsedURL::fragment): - (WTF::ParsedURL::segment): - * wtf/url/api/ParsedURL.h: Added. - (WTF): - (ParsedURL): - (WTF::ParsedURL::spec): - * wtf/url/api/URLString.h: Added. - (WTF): - (URLString): - (WTF::URLString::URLString): - (WTF::URLString::string): - * wtf/url/src/RawURLBuffer.h: Added. - (WTF): - (RawURLBuffer): - (WTF::RawURLBuffer::RawURLBuffer): - (WTF::RawURLBuffer::~RawURLBuffer): - (WTF::RawURLBuffer::resize): - * wtf/url/src/URLBuffer.h: Added. - (WTF): - (URLBuffer): - (WTF::URLBuffer::URLBuffer): - (WTF::URLBuffer::~URLBuffer): - (WTF::URLBuffer::at): - (WTF::URLBuffer::set): - (WTF::URLBuffer::capacity): - (WTF::URLBuffer::length): - (WTF::URLBuffer::data): - (WTF::URLBuffer::setLength): - (WTF::URLBuffer::append): - (WTF::URLBuffer::grow): - * wtf/url/src/URLCharacterTypes.cpp: Added. - (WTF): - (): - * wtf/url/src/URLCharacterTypes.h: Added. - (WTF): - (URLCharacterTypes): - (WTF::URLCharacterTypes::isQueryChar): - (WTF::URLCharacterTypes::isIPv4Char): - (WTF::URLCharacterTypes::isHexChar): - (): - (WTF::URLCharacterTypes::isCharOfType): - * wtf/url/src/URLComponent.h: Added. - (WTF): - (URLComponent): - (WTF::URLComponent::URLComponent): - (WTF::URLComponent::fromRange): - (WTF::URLComponent::isValid): - (WTF::URLComponent::isNonEmpty): - (WTF::URLComponent::isEmptyOrInvalid): - (WTF::URLComponent::reset): - (WTF::URLComponent::operator==): - (WTF::URLComponent::begin): - (WTF::URLComponent::setBegin): - (WTF::URLComponent::length): - (WTF::URLComponent::setLength): - (WTF::URLComponent::end): - * wtf/url/src/URLEscape.cpp: Added. - (WTF): - (): - * wtf/url/src/URLEscape.h: Added. - (WTF): - (WTF::appendURLEscapedCharacter): - * wtf/url/src/URLParser.h: Added. - (WTF): - (URLParser): - (): - (WTF::URLParser::isPossibleAuthorityTerminator): - (WTF::URLParser::parseAuthority): - (WTF::URLParser::extractScheme): - (WTF::URLParser::parseAfterScheme): - (WTF::URLParser::parseStandardURL): - (WTF::URLParser::parsePath): - (WTF::URLParser::parsePathURL): - (WTF::URLParser::parseMailtoURL): - (WTF::URLParser::parsePort): - (WTF::URLParser::extractFileName): - (WTF::URLParser::extractQueryKeyValue): - (WTF::URLParser::isURLSlash): - (WTF::URLParser::shouldTrimFromURL): - (WTF::URLParser::trimURL): - (WTF::URLParser::consecutiveSlashes): - (WTF::URLParser::isPortDigit): - (WTF::URLParser::nextAuthorityTerminator): - (WTF::URLParser::parseUserInfo): - (WTF::URLParser::parseServerInfo): - * wtf/url/src/URLQueryCanonicalizer.h: Added. - (WTF): - (URLQueryCanonicalizer): - (WTF::URLQueryCanonicalizer::canonicalize): - (WTF::URLQueryCanonicalizer::isAllASCII): - (WTF::URLQueryCanonicalizer::isRaw8Bit): - (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString): - (WTF::URLQueryCanonicalizer::convertToQueryEncoding): - * wtf/url/src/URLSegments.cpp: Added. - (WTF): - (WTF::URLSegments::length): - (WTF::URLSegments::charactersBefore): - * wtf/url/src/URLSegments.h: Added. - (WTF): - (URLSegments): - (): - (WTF::URLSegments::URLSegments): - -2012-02-11 Filip Pizlo - - Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path - https://bugs.webkit.org/show_bug.cgi?id=78430 - - - Reviewed by Gavin Barraclough. - - The old JIT's put_by_id transition caching involves repatching the slow call to - a generated stub. That means that the call is counted as "slow case". So, this - patch inserts code to decrement the slow case count if the stub succeeds. - - Looks like a ~1% speed-up on V8. - - * jit/JITPropertyAccess.cpp: - (JSC::JIT::privateCompilePutByIdTransition): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::privateCompilePutByIdTransition): - -2012-02-11 Filip Pizlo - - Build fix for Qt. - - * wtf/DataLog.h: - -2012-02-11 Filip Pizlo - - It should be possible to send all JSC debug logging to a file - https://bugs.webkit.org/show_bug.cgi?id=78418 - - Reviewed by Sam Weinig. - - Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog, - and WTF::dataLogV. Changed all debugging- and profiling-related printfs - to use WTF::dataLog() or one of its friends. By default, debug logging - goes to stderr, unless you change the setting in wtf/DataLog.cpp. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * assembler/LinkBuffer.h: - (JSC::LinkBuffer::dumpLinkStatistics): - (JSC::LinkBuffer::dumpCode): - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::vprintfStdoutInstr): - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::printUnaryOp): - (JSC::CodeBlock::printBinaryOp): - (JSC::CodeBlock::printConditionalJump): - (JSC::CodeBlock::printGetByIdOp): - (JSC::CodeBlock::printCallOp): - (JSC::CodeBlock::printPutByIdOp): - (JSC::printGlobalResolveInfo): - (JSC::printStructureStubInfo): - (JSC::CodeBlock::printStructure): - (JSC::CodeBlock::printStructures): - (JSC::CodeBlock::dump): - (JSC::CodeBlock::dumpStatistics): - (JSC::CodeBlock::finalizeUnconditionally): - (JSC::CodeBlock::shouldOptimizeNow): - (JSC::CodeBlock::tallyFrequentExitSites): - (JSC::CodeBlock::dumpValueProfiles): - * bytecode/Opcode.cpp: - (JSC::OpcodeStats::~OpcodeStats): - * bytecode/SamplingTool.cpp: - (JSC::SamplingFlags::stop): - (JSC::SamplingRegion::dumpInternal): - (JSC::SamplingTool::dump): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::endBasicBlock): - (JSC::DFG::AbstractState::mergeStateAtTail): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::processPhiStack): - (JSC::DFG::ByteCodeParser::linkBlock): - (JSC::DFG::ByteCodeParser::parseCodeBlock): - (JSC::DFG::ByteCodeParser::parse): - * dfg/DFGCommon.h: - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * dfg/DFGGraph.cpp: - (JSC::DFG::printWhiteSpace): - (JSC::DFG::Graph::dumpCodeOrigin): - (JSC::DFG::Graph::dump): - (JSC::DFG::Graph::predictArgumentTypes): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * dfg/DFGOSREntry.cpp: - (JSC::DFG::prepareOSREntry): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOperations.cpp: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::fixpoint): - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::propagateArithNodeFlagsForward): - (JSC::DFG::Propagator::propagateArithNodeFlagsBackward): - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::propagatePredictionsForward): - (JSC::DFG::Propagator::propagatePredictionsBackward): - (JSC::DFG::Propagator::doRoundOfDoubleVoting): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::fixup): - (JSC::DFG::Propagator::startIndexForChildren): - (JSC::DFG::Propagator::endIndexForPureCSE): - (JSC::DFG::Propagator::setReplacement): - (JSC::DFG::Propagator::eliminate): - (JSC::DFG::Propagator::performNodeCSE): - (JSC::DFG::Propagator::localCSE): - (JSC::DFG::Propagator::allocateVirtualRegisters): - (JSC::DFG::Propagator::performBlockCFA): - (JSC::DFG::Propagator::performForwardCFA): - * dfg/DFGRegisterBank.h: - (JSC::DFG::RegisterBank::dump): - * dfg/DFGScoreBoard.h: - (JSC::DFG::ScoreBoard::dump): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::dump): - (JSC::DFG::SpeculativeJIT::checkConsistency): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - * heap/Heap.cpp: - (JSC::Heap::destroy): - * heap/MarkedBlock.h: - * interpreter/CallFrame.cpp: - (JSC::CallFrame::dumpCaller): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::dumpRegisters): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - (JSC::JIT::privateCompileSlowCases): - (JSC::JIT::privateCompile): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * profiler/Profile.cpp: - (JSC::Profile::debugPrintData): - (JSC::Profile::debugPrintDataSampleStyle): - * profiler/ProfileNode.cpp: - (JSC::ProfileNode::debugPrintData): - (JSC::ProfileNode::debugPrintDataSampleStyle): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::dumpRegExpTrace): - * runtime/RegExp.cpp: - (JSC::RegExp::matchCompareWithInterpreter): - * runtime/SamplingCounter.cpp: - (JSC::AbstractSamplingCounter::dump): - * runtime/SamplingCounter.h: - (JSC::DeletableSamplingCounter::~DeletableSamplingCounter): - * runtime/ScopeChain.cpp: - (JSC::ScopeChainNode::print): - * runtime/Structure.cpp: - (JSC::Structure::dumpStatistics): - (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger): - * tools/CodeProfile.cpp: - (JSC::CodeProfile::report): - * tools/ProfileTreeNode.h: - (JSC::ProfileTreeNode::dumpInternal): - * wtf/CMakeLists.txt: - * wtf/DataLog.cpp: Added. - (WTF): - (WTF::initializeLogFileOnce): - (WTF::initializeLogFile): - (WTF::dataFile): - (WTF::dataLogV): - (WTF::dataLog): - * wtf/DataLog.h: Added. - (WTF): - * wtf/HashTable.cpp: - (WTF::HashTableStats::~HashTableStats): - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocator::dumpProfile): - * wtf/text/WTFString.cpp: - (String::show): - * yarr/YarrInterpreter.cpp: - (JSC::Yarr::ByteCompiler::dumpDisjunction): - -2012-02-11 Gavin Barraclough - - Move special __proto__ property to Object.prototype - https://bugs.webkit.org/show_bug.cgi?id=78409 - - Reviewed by Oliver Hunt. - - Re-implement this as a regular accessor property. This has three key benefits: - 1) It makes it possible for objects to be given properties named __proto__. - 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed. - 3) This largely removes the magic used the implement __proto__, it can just be made a regular accessor property. - - * parser/Parser.cpp: - (JSC::::parseFunctionInfo): - - No need to prohibit functions named __proto__. - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::reset): - - Add __proto__ accessor to Object.prototype. - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::globalFuncProtoGetter): - (JSC::globalFuncProtoSetter): - - Definition of the __proto__ accessor functions. - * runtime/JSGlobalObjectFunctions.h: - - Declaration of the __proto__ accessor functions. - * runtime/JSObject.cpp: - (JSC::JSObject::put): - - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__. - (JSC::JSObject::putDirectAccessor): - - Track on the structure whether an object contains accessors other than one for __proto__. - (JSC::JSObject::defineOwnProperty): - - No need to prohibit definition of own properties named __proto__. - * runtime/JSObject.h: - (JSC::JSObject::inlineGetOwnPropertySlot): - - Remove the special handling for __proto__. - (JSC::JSValue::get): - - Remove the special handling for __proto__. - * runtime/JSString.cpp: - (JSC::JSString::getOwnPropertySlot): - - Remove the special handling for __proto__. - * runtime/JSValue.h: - (JSValue): - - Made synthesizePrototype public (this may be needed by the __proto__ getter). - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorGetPrototypeOf): - - Perform the security check & call prototype() directly. - * runtime/Structure.cpp: - (JSC::Structure::Structure): - - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. - * runtime/Structure.h: - (JSC::Structure::hasGetterSetterPropertiesExcludingProto): - (JSC::Structure::setHasGetterSetterProperties): - (Structure): - - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state. - -2012-02-11 Filip Pizlo - - DFG CFA assumes that a WeakJSConstant's structure is known - https://bugs.webkit.org/show_bug.cgi?id=78428 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - -2012-02-11 Mark Hahnenberg - - Qt debug build fix - - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate - JSFinalObjects in the destuctor subspace, so we should remove this assert so it - doesn't cause crashes. - -2012-02-11 Filip Pizlo - - Old 32_64 JIT should assert that its use of map() is consistent with the DFG - OSR exit's expectations - https://bugs.webkit.org/show_bug.cgi?id=78419 - - - Reviewed by Oliver Hunt. - - * jit/JITInlineMethods.h: - (JSC::JIT::map): - -2012-02-11 Mark Hahnenberg - - Reduce the reentrancy limit of the interpreter for the iOS simulator - https://bugs.webkit.org/show_bug.cgi?id=78400 - - Reviewed by Gavin Barraclough. - - * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks. - (JSC): - -2012-02-11 Filip Pizlo - - [DFG] Misuse of WeakJSConstants in silentFillGPR code. - https://bugs.webkit.org/show_bug.cgi?id=78423 - - - Reviewed by Sam Weinig. - - The code was using Node::isConstant(), when it was supposed to use Node::hasConstant(). - This patch is a surgical fix; the bigger problem is: why do we have isConstant() and - hasConstant() when hasConstant() is correct and isConstant() is almost always wrong? - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::silentFillGPR): - -2012-02-11 Sam Weinig - - Prepare JavaScriptCore to build with libc++ - - https://bugs.webkit.org/show_bug.cgi?id=78424 - - Reviewed by Anders Carlsson. - - * wtf/NullPtr.cpp: - * wtf/NullPtr.h: - libc++ provides std::nullptr emulation, so we don't have to. - -2012-02-07 Filip Pizlo - - DFG should have polymorphic put_by_id caching - https://bugs.webkit.org/show_bug.cgi?id=78062 - - - Reviewed by Oliver Hunt. - - Implemented polymorphic put_by_id caching in the DFG, and added much of the - machinery that would be needed to implement it in the old JIT as well. - - I decided against using the old PolymorphicAccessStructureList mechanism as - this didn't quite fit with put_by_id. In particular, I wanted the ability to - have one list that captured all relevant cases (including proto put_by_id - if we ever decided to do it). And I wanted the code to have better - encapsulation. And I didn't want to get confused by the fact that the - original (non-list) put_by_id cache may itself consist of a stub routine. - - This code is still sub-optimal (for example adding a replace to a list whose - previous elements are all transitions should just repatch the original code, - but here it will generate a stub) but it already generates a >20% speed-up - on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/PolymorphicPutByIdList.cpp: Added. - (JSC): - (JSC::PutByIdAccess::fromStructureStubInfo): - (JSC::PutByIdAccess::visitWeak): - (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList): - (JSC::PolymorphicPutByIdList::from): - (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList): - (JSC::PolymorphicPutByIdList::isFull): - (JSC::PolymorphicPutByIdList::isAlmostFull): - (JSC::PolymorphicPutByIdList::addAccess): - (JSC::PolymorphicPutByIdList::visitWeak): - * bytecode/PolymorphicPutByIdList.h: Added. - (JSC): - (PutByIdAccess): - (JSC::PutByIdAccess::PutByIdAccess): - (JSC::PutByIdAccess::transition): - (JSC::PutByIdAccess::replace): - (JSC::PutByIdAccess::isSet): - (JSC::PutByIdAccess::operator!): - (JSC::PutByIdAccess::type): - (JSC::PutByIdAccess::isTransition): - (JSC::PutByIdAccess::isReplace): - (JSC::PutByIdAccess::oldStructure): - (JSC::PutByIdAccess::structure): - (JSC::PutByIdAccess::newStructure): - (JSC::PutByIdAccess::chain): - (JSC::PutByIdAccess::stubRoutine): - (PolymorphicPutByIdList): - (JSC::PolymorphicPutByIdList::currentSlowPathTarget): - (JSC::PolymorphicPutByIdList::isEmpty): - (JSC::PolymorphicPutByIdList::size): - (JSC::PolymorphicPutByIdList::at): - (JSC::PolymorphicPutByIdList::operator[]): - (JSC::PolymorphicPutByIdList::kind): - * bytecode/PutKind.h: Added. - (JSC): - * bytecode/StructureStubInfo.cpp: - (JSC::StructureStubInfo::deref): - (JSC::StructureStubInfo::visitWeakReferences): - * bytecode/StructureStubInfo.h: - (JSC): - (JSC::isPutByIdAccess): - (JSC::StructureStubInfo::initPutByIdList): - (StructureStubInfo): - (JSC::StructureStubInfo::reset): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - (DFG): - * dfg/DFGRepatch.cpp: - (JSC::DFG::appropriateGenericPutByIdFunction): - (JSC::DFG::appropriateListBuildingPutByIdFunction): - (DFG): - (JSC::DFG::emitPutReplaceStub): - (JSC::DFG::emitPutTransitionStub): - (JSC::DFG::tryCachePutByID): - (JSC::DFG::dfgRepatchPutByID): - (JSC::DFG::tryBuildPutByIdList): - (JSC::DFG::dfgBuildPutByIdList): - (JSC::DFG::dfgResetPutByID): - * dfg/DFGRepatch.h: - (DFG): - * runtime/WriteBarrier.h: - (WriteBarrierBase): - (JSC::WriteBarrierBase::copyFrom): - -2012-02-10 Vineet Chaudhary - - https://bugs.webkit.org/show_bug.cgi?id=72756 - DOMHTMLElement’s accessKey property is declared as available in WebKit version that didn’t have it - - Reviewed by Timothy Hatcher. - - * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and - AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions. - -2012-02-10 Mark Hahnenberg - - Fixing windows build - - Unreviewed build fix - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-02-10 Adam Klein - - Enable MUTATION_OBSERVERS by default on all platforms - https://bugs.webkit.org/show_bug.cgi?id=78196 - - Reviewed by Ojan Vafai. - - * Configurations/FeatureDefines.xcconfig: - -2012-02-10 Yong Li - - ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable. - https://bugs.webkit.org/show_bug.cgi?id=76724 - - Reviewed by Rob Buis. - - This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on. - The size used to call makeExecutable can be smaller than the one that was used for makeWritable. - So it can leave pages behind that are not set back to default flags. When an assembly on one of those - pages is executed or JIT returns to those pages in the case it was already executing from there, the - software will crash. - - * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization(). - (JSC::LinkBuffer::LinkBuffer): - (JSC::LinkBuffer::linkCode): - (JSC::LinkBuffer::performFinalization): - (LinkBuffer): - -2012-02-10 Mark Hahnenberg - - Split MarkedSpace into destructor and destructor-free subspaces - https://bugs.webkit.org/show_bug.cgi?id=77761 - - Reviewed by Geoffrey Garen. - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space. - * heap/Heap.h: - (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to - pick which subspace they want to allocate out of. - (JSC::Heap::allocatorForObjectWithDestructor): Ditto. - (Heap): - (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use. - (JSC): - (JSC::Heap::allocateWithoutDestructor): Ditto. - * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate - their MarkedBlocks correctly. - (JSC::MarkedAllocator::allocateBlock): - * heap/MarkedAllocator.h: - (JSC::MarkedAllocator::cellsNeedDestruction): - (MarkedAllocator): - (JSC::MarkedAllocator::MarkedAllocator): - (JSC): - (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with - an init function that does all of that stuff in fewer lines. - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::create): - (JSC::MarkedBlock::recycle): - (JSC::MarkedBlock::MarkedBlock): - (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make - checking the m_cellsNeedDestructor flag faster and cleaner looking. - (JSC): - (JSC::MarkedBlock::specializedSweep): - (JSC::MarkedBlock::sweep): - (JSC::MarkedBlock::sweepHelper): - * heap/MarkedBlock.h: - (MarkedBlock): - (JSC::MarkedBlock::cellsNeedDestruction): - (JSC): - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::MarkedSpace): - (JSC::MarkedSpace::resetAllocators): - (JSC::MarkedSpace::canonicalizeCellLivenessData): - (JSC::TakeIfUnmarked::operator()): - * heap/MarkedSpace.h: - (MarkedSpace): - (Subspace): - (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of - allocators. - (JSC): - (JSC::MarkedSpace::destructorAllocatorFor): Ditto. - (JSC::MarkedSpace::allocateWithoutDestructor): Ditto. - (JSC::MarkedSpace::allocateWithDestructor): Ditto. - (JSC::MarkedSpace::forEachBlock): - * jit/JIT.h: - * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others. - (JSC::JIT::emitAllocateBasicJSObject): - (JSC::JIT::emitAllocateJSFinalObject): - (JSC::JIT::emitAllocateJSFunction): - * runtime/JSArray.cpp: - (JSC): - * runtime/JSArray.h: - (JSArray): - (JSC::JSArray::create): - (JSC): - (JSC::JSArray::tryCreateUninitialized): - * runtime/JSCell.h: - (JSCell): - (JSC): - (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires - destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this - constant to decide whether to allocate in the destructor or destructor-free parts of the heap. - (JSC::allocateCell): - * runtime/JSFunction.cpp: - (JSC): - * runtime/JSFunction.h: - (JSFunction): - * runtime/JSObject.cpp: - (JSC): - * runtime/JSObject.h: - (JSNonFinalObject): - (JSC): - (JSFinalObject): - (JSC::JSFinalObject::create): - -2012-02-10 Adrienne Walker - - Remove implicit copy constructor usage in HashMaps with OwnPtr - https://bugs.webkit.org/show_bug.cgi?id=78071 - - Reviewed by Darin Adler. - - Change the return type of emptyValue() in PairHashTraits to be the - actual type returned rather than the trait type to avoid an implicit - generation of the OwnPtr copy constructor. This happens for hash - traits involving OwnPtr where the empty value is not zero and each - hash bucket needs to be initialized with emptyValue(). - - Also, update StructureTransitionTable to use default hash traits - rather than rolling its own, in order to update it to handle - EmptyValueType. - - Test: patch from bug 74154 compiles on Clang with this patch - - * runtime/StructureTransitionTable.h: - (StructureTransitionTable): - * wtf/HashTraits.h: - (GenericHashTraits): - (PairHashTraits): - (WTF::PairHashTraits::emptyValue): - -2012-02-10 Aron Rosenberg - - [Qt] Fix compiler warning in Visual Studio 2010 about TR1 - https://bugs.webkit.org/show_bug.cgi?id=63642 - - Reviewed by Simon Hausmann. - - * JavaScriptCore.pri: - -2012-02-10 Michael Saboff - - Yarr assert with regexp where alternative in *-quantified group matches empty - https://bugs.webkit.org/show_bug.cgi?id=67752 - - Reviewed by Gavin Barraclough. - - Added backtracking for the prior alternative if it matched - but didn't consume any input characters. - - * yarr/YarrJIT.cpp: - (YarrOp): New jump. - (JSC::Yarr::YarrGenerator::generate): Emit conditional jump - when an alternative matches and no input was consumed. Moved the - zero length match check for a set of alternatives to the alternative - code from the parentheses cases to the alternative end cases. - Converted the existing zero length checks in the parentheses cases - to runtime assertion checks. - (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack - to prior term. - -2012-02-10 Roland Takacs - - [Qt] GC should be parallel on Qt platform - https://bugs.webkit.org/show_bug.cgi?id=73309 - - Reviewed by Zoltan Herczeg. - - These changes made the parallel gc feature available for Qt port. - The implementation of "registerGCThread" and "isMainThreadOrGCThread", - and a local static function [initializeGCThreads] is moved from - MainThreadMac.mm to the common MainThread.cpp to make them available - for other platforms. - - Measurement results: - V8 speed-up: 1.025x as fast [From: 663.4ms To: 647.0ms ] - V8 Splay speed-up: 1.185x as fast [From: 138.4ms To: 116.8ms ] - - Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core. - - * JavaScriptCore.order: - * wtf/MainThread.cpp: - (WTF::initializeMainThread): - (WTF): - (WTF::initializeGCThreads): - (WTF::registerGCThread): - (WTF::isMainThreadOrGCThread): - * wtf/MainThread.h: - (WTF): - * wtf/Platform.h: - * wtf/mac/MainThreadMac.mm: - (WTF): - -2012-02-09 Andy Wingo - - Eliminate dead code in BytecodeGenerator::resolve() - https://bugs.webkit.org/show_bug.cgi?id=78242 - - Reviewed by Gavin Barraclough. - - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::resolve): - BytecodeGenerator::shouldOptimizeLocals() is only true for - FunctionCode, and thus cannot be true for GlobalCode. - -2012-02-09 Andy Wingo - - Remove BytecodeGenerator::isLocal - https://bugs.webkit.org/show_bug.cgi?id=78241 - - Minor refactor to BytecodeGenerator. - - Reviewed by Gavin Barraclough. - - * bytecompiler/BytecodeGenerator.h: - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::isLocal): - (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused - methods. - * bytecompiler/NodesCodegen.cpp: - (JSC::ResolveNode::isPure): Use the ResolveResult mechanism - instead of isLocal. This will recognize more resolve nodes as - being pure. - (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the - location instead of isLocalConstant. - -2012-02-09 Oliver Hunt - - The JS Parser scope object needs a VectorTrait specialization - https://bugs.webkit.org/show_bug.cgi?id=78308 - - Reviewed by Gavin Barraclough. - - This showed up as a periodic crash in various bits of generated code - originally, but I've added an assertion in the bytecode generator - that makes the effected code much more crash-happy should it go - wrong again. - - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::BytecodeGenerator): - (JSC::BytecodeGenerator::resolve): - * parser/Parser.cpp: - * parser/Parser.h: - (JSC): - * runtime/JSActivation.h: - (JSC::JSActivation::isValidScopedLookup): - (JSActivation): - -2012-02-08 Oliver Hunt - - Whoops, fix the build. - - * runtime/Executable.cpp: - (JSC::FunctionExecutable::FunctionExecutable): - -2012-02-08 Oliver Hunt - - Fix issue encountered while debugging stacktraces - https://bugs.webkit.org/show_bug.cgi?id=78147 - - Reviewed by Gavin Barraclough. - - Debugging is easier if we always ensure that we have a non-null - inferred name. - - * runtime/Executable.cpp: - (JSC::FunctionExecutable::FunctionExecutable): - -2012-02-08 Oliver Hunt - - updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs - https://bugs.webkit.org/show_bug.cgi?id=78145 - - Reviewed by Gavin Barraclough. - - Fix the updateTopCallFrame helper to store additional information - that becomes necessary when we are trying to provide more stack - frame information. - - * interpreter/CallFrame.h: - (JSC::ExecState::bytecodeOffsetForBaselineJIT): - (ExecState): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JIT.h: - (JSC::JIT::compileGetByIdProto): - (JSC::JIT::compileGetByIdSelfList): - (JSC::JIT::compileGetByIdProtoList): - (JSC::JIT::compileGetByIdChainList): - (JSC::JIT::compileGetByIdChain): - (JSC::JIT::compilePutByIdTransition): - (JIT): - * jit/JITInlineMethods.h: - (JSC::JIT::updateTopCallFrame): - -2012-02-07 Robert Kroeger - - [chromium] Remove the enable marcro for the no longer necessary Chromium - gesture recognizer. - https://bugs.webkit.org/show_bug.cgi?id=77492 - - Reviewed by Adam Barth. - - * wtf/Platform.h: - -2012-02-07 Tony Chang - - merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in - https://bugs.webkit.org/show_bug.cgi?id=78036 - - Reviewed by Darin Adler. - - * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES. - -2012-02-07 Gyuyoung Kim - - [CMAKE] Use *bin* and *lib* directories for executable and libraries. - https://bugs.webkit.org/show_bug.cgi?id=77928 - - Reviewed by Daniel Bates. - - CMake has used *Programs* directory for executable. In addition, shared libraries are being - built in source directory. It is better to set common places in order to maintain executable - and libraries. *bin* is for executable and *lib* is for library. - - * shell/CMakeLists.txt: Change *Programs* with *bin*. - -2012-02-07 Gavin Barraclough - - Crash on http://www.rickshawbags.com/ - https://bugs.webkit.org/show_bug.cgi?id=78045 - - Reviewed by Darin Adler. - - Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag() - - This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933, - isVariableObject() checks were excluding StaticScopeObjects, this patch - inadvertently changed them to be included. - - * runtime/JSType.h: - - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType, - and thus is excluded from isVariableObject() checks. - -2012-02-06 Jer Noble - - Use CMClock as a timing source for PlatformClock where available. - https://bugs.webkit.org/show_bug.cgi?id=77885 - - Reviewed by Eric Carlson. - - * wtf/Platform.h: Added WTF_USE_COREMEDIA. - -2012-02-06 Filip Pizlo - - ValueToNumber and ValueToDouble nodes don't do anything and should be removed - https://bugs.webkit.org/show_bug.cgi?id=77855 - - - Reviewed by Gavin Barraclough. - - Removed ValueToNumber and ValueToDouble, because the only thing they were doing - was wasting registers. - - This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken, - mostly due to a >10% win on gaussian-blur. No win anywhere else. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getToInt32): - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::handleMinMax): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGNode.h: - (DFG): - (JSC::DFG::Node::hasArithNodeFlags): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::vote): - (JSC::DFG::Propagator::doRoundOfDoubleVoting): - (Propagator): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::canonicalize): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-02-06 Patrick Gansterer - - Unreviewed WinCE build fix after r106197. - - * tools/CodeProfiling.cpp: - (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it. - -2012-02-05 Gavin Barraclough - - Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter - https://bugs.webkit.org/show_bug.cgi?id=77451 - - Reviewed by Sam Weinig. - - These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor. - Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor. - - * JavaScriptCore.exp: - * debugger/DebuggerActivation.cpp: - (JSC::DebuggerActivation::defineOwnProperty): - * debugger/DebuggerActivation.h: - (DebuggerActivation): - * runtime/ClassInfo.h: - (MethodTable): - (JSC): - * runtime/JSBoundFunction.cpp: - (JSC::JSBoundFunction::finishCreation): - * runtime/JSCell.cpp: - (JSC): - * runtime/JSCell.h: - (JSCell): - * runtime/JSFunction.cpp: - (JSC::JSFunction::getOwnPropertySlot): - (JSC::JSFunction::getOwnPropertyDescriptor): - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::defineOwnProperty): - (JSC): - * runtime/JSGlobalObject.h: - (JSGlobalObject): - * runtime/JSObject.cpp: - (JSC): - * runtime/JSObject.h: - (JSObject): - * runtime/ObjectPrototype.cpp: - (JSC::objectProtoFuncDefineGetter): - (JSC::objectProtoFuncDefineSetter): - (JSC::objectProtoFuncLookupGetter): - (JSC::objectProtoFuncLookupSetter): - -2012-02-06 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing files. - -2012-02-05 Filip Pizlo - - DFG's child references from one node to another should have room for type information - https://bugs.webkit.org/show_bug.cgi?id=77797 - - Reviewed by Oliver Hunt. - - The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned) - and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated - together as a DFG::NodeUse, which can in most cases still be used as an index (for - example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places - where they really want a NodeIndex). - - The NodeUse stores both the index and the UseKind without bloating the memory usage of - DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is - roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile - something - likely a sensible assumption! - then we will only be able to have room for - about 24 million nodes, which means we only need about 24.5 bits for the node index). - Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index, - but stores the index as a signed number to make NoNode work naturally. Hence we really - just have 27 bits for the index. - - This is performance-neutral on all benchmarks we track. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * dfg/DFGAbstractState.h: - (JSC::DFG::AbstractState::forNode): - (AbstractState): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getLocal): - (JSC::DFG::ByteCodeParser::getArgument): - (JSC::DFG::ByteCodeParser::toInt32): - (JSC::DFG::ByteCodeParser::addVarArgChild): - (JSC::DFG::ByteCodeParser::processPhiStack): - * dfg/DFGCommon.h: - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - (DFG): - * dfg/DFGGraph.h: - (Graph): - (JSC::DFG::Graph::operator[]): - (JSC::DFG::Graph::at): - (JSC::DFG::Graph::ref): - (JSC::DFG::Graph::deref): - (JSC::DFG::Graph::clearAndDerefChild1): - (JSC::DFG::Graph::clearAndDerefChild2): - (JSC::DFG::Graph::clearAndDerefChild3): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::getPrediction): - * dfg/DFGNode.h: - (JSC::DFG::Node::Node): - (JSC::DFG::Node::child1): - (JSC::DFG::Node::child1Unchecked): - (JSC::DFG::Node::child2): - (JSC::DFG::Node::child3): - (JSC::DFG::Node::firstChild): - (JSC::DFG::Node::numChildren): - (JSC::DFG::Node::dumpChildren): - (Node): - * dfg/DFGNodeReferenceBlob.h: Added. - (DFG): - (NodeReferenceBlob): - (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob): - (JSC::DFG::NodeReferenceBlob::child): - (JSC::DFG::NodeReferenceBlob::child1): - (JSC::DFG::NodeReferenceBlob::child2): - (JSC::DFG::NodeReferenceBlob::child3): - (JSC::DFG::NodeReferenceBlob::child1Unchecked): - (JSC::DFG::NodeReferenceBlob::initialize): - (JSC::DFG::NodeReferenceBlob::firstChild): - (JSC::DFG::NodeReferenceBlob::setFirstChild): - (JSC::DFG::NodeReferenceBlob::numChildren): - (JSC::DFG::NodeReferenceBlob::setNumChildren): - * dfg/DFGNodeUse.h: Added. - (DFG): - (NodeUse): - (JSC::DFG::NodeUse::NodeUse): - (JSC::DFG::NodeUse::indexUnchecked): - (JSC::DFG::NodeUse::index): - (JSC::DFG::NodeUse::setIndex): - (JSC::DFG::NodeUse::useKind): - (JSC::DFG::NodeUse::setUseKind): - (JSC::DFG::NodeUse::isSet): - (JSC::DFG::NodeUse::operator!): - (JSC::DFG::NodeUse::operator==): - (JSC::DFG::NodeUse::operator!=): - (JSC::DFG::NodeUse::shift): - (JSC::DFG::NodeUse::makeWord): - (JSC::DFG::operator==): - (JSC::DFG::operator!=): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::vote): - (JSC::DFG::Propagator::toDouble): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::canonicalize): - (JSC::DFG::Propagator::startIndex): - (JSC::DFG::Propagator::globalVarLoadElimination): - (JSC::DFG::Propagator::getByValLoadElimination): - (JSC::DFG::Propagator::getByOffsetLoadElimination): - (JSC::DFG::Propagator::performSubstitution): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGScoreBoard.h: - (JSC::DFG::ScoreBoard::use): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::useChildren): - (JSC::DFG::SpeculativeJIT::writeBarrier): - (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq): - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): - (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch): - (JSC::DFG::SpeculativeJIT::compileMovHint): - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compileSoftModulo): - (JSC::DFG::SpeculativeJIT::compileAdd): - (JSC::DFG::SpeculativeJIT::compileArithSub): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - (JSC::DFG::SpeculativeJIT::compileStrictEq): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::at): - (JSC::DFG::SpeculativeJIT::canReuse): - (JSC::DFG::SpeculativeJIT::use): - (SpeculativeJIT): - (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch): - (JSC::DFG::SpeculativeJIT::speculationCheck): - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): - (JSC::DFG::IntegerOperand::IntegerOperand): - (JSC::DFG::DoubleOperand::DoubleOperand): - (JSC::DFG::JSValueOperand::JSValueOperand): - (JSC::DFG::StorageOperand::StorageOperand): - (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand): - (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand): - (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand): - (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand): - (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber): - (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): - (JSC::DFG::SpeculativeJIT::cachedPutById): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileValueAdd): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber): - (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32): - (JSC::DFG::SpeculativeJIT::cachedPutById): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare): - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq): - (JSC::DFG::SpeculativeJIT::emitCall): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileValueAdd): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - -2012-02-05 Gyuyoung Kim - - [CMAKE] Support javascriptcore test for EFL port. - https://bugs.webkit.org/show_bug.cgi?id=77425 - - Reviewed by Daniel Bates. - - Efl and WinCE as well as Blackberry port are now using Cmake as its build system - and they are share the make file to create jsc excutable. In order to run - "run-javascriptcore-tests", EFL port needs to change jsc installation configuration - with executable output directory(e.g. Programs). So, this patch change jsc installation - configuration only for EFL port. - - * shell/CMakeLists.txt: - -2012-02-04 Gavin Barraclough - - Rubber stamped by Sam Weinig. - - * yarr/YarrPattern.cpp: - (JSC::Yarr::YarrPatternConstructor::quantifyAtom): - - Fix comment. - -2012-02-04 Kalev Lember - - [GTK] CurrentTime: Reorder headers for win32 - https://bugs.webkit.org/show_bug.cgi?id=77808 - - Reviewed by Martin Robinson. - - In GTK+ win32 port, monotonicallyIncreasingTime() implementation is - based on g_get_monotonic_time(). Reorder headers to make sure glib.h - gets included even when the platform is win32. - - CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()': - CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope - CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type] - - * wtf/CurrentTime.cpp: - -2012-02-03 Anders Carlsson - - Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores - https://bugs.webkit.org/show_bug.cgi?id=77788 - - Reviewed by Andreas Kling. - - The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to - code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening. - - * wtf/FastAllocBase.h: - -2012-02-03 Rob Buis - - Fix alignment warnings in ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=55368 - - Reviewed by Filip Pizlo. - - Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code. - - * heap/HandleTypes.h: - (JSC::HandleTypes::getFromSlot): - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::specializedSweep): - * heap/MarkedBlock.h: - (JSC::MarkedBlock::forEachCell): - * runtime/WriteBarrier.h: - (JSC::WriteBarrierBase::get): - (JSC::WriteBarrierBase::unvalidatedGet): - -2012-02-03 Mark Hahnenberg - - Build fix - - Unreviewed build fix - - Forgot to add a couple files. - - * heap/MarkedAllocator.cpp: Added. - (JSC): - (JSC::MarkedAllocator::tryAllocateHelper): - (JSC::MarkedAllocator::tryAllocate): - (JSC::MarkedAllocator::allocateSlowCase): - (JSC::MarkedAllocator::allocateBlock): - (JSC::MarkedAllocator::addBlock): - (JSC::MarkedAllocator::removeBlock): - * heap/MarkedAllocator.h: Added. - (JSC): - (DFG): - (MarkedAllocator): - (JSC::MarkedAllocator::cellSize): - (JSC::MarkedAllocator::heap): - (JSC::MarkedAllocator::setHeap): - (JSC::MarkedAllocator::setCellSize): - (JSC::MarkedAllocator::setMarkedSpace): - (JSC::MarkedAllocator::MarkedAllocator): - (JSC::MarkedAllocator::allocate): - (JSC::MarkedAllocator::reset): - (JSC::MarkedAllocator::zapFreeList): - (JSC::MarkedAllocator::forEachBlock): - -2012-02-03 Mark Hahnenberg - - Refactor MarkedBlock::SizeClass into a separate class - https://bugs.webkit.org/show_bug.cgi?id=77600 - - Reviewed by Geoffrey Garen. - - We pulled SizeClass out into its own class, named MarkedAllocator, and gave it - the responsibility of allocating objects from the collection of MarkedBlocks - that it manages. Also limited the amount of coupling to internal data fields - from other places, although it's mostly unavoidable in the JIT code. - - Eventually MarkedAllocator will implement various policies to do with object - management, e.g. whether or not to run destructors on objects that it manages. - MarkedSpace will manage a collection of MarkedAllocators with varying policies, - as it does now but to a larger extent. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): - * heap/Heap.cpp: - (JSC::Heap::collect): - (JSC::Heap::resetAllocators): - * heap/Heap.h: - (JSC::Heap::allocatorForObject): - (Heap): - * heap/MarkedAllocator.cpp: Added. - (JSC): - (JSC::MarkedAllocator::tryAllocateHelper): - (JSC::MarkedAllocator::tryAllocate): - (JSC::MarkedAllocator::allocateSlowCase): - (JSC::MarkedAllocator::allocateBlock): - (JSC::MarkedAllocator::addBlock): - (JSC::MarkedAllocator::removeBlock): - * heap/MarkedAllocator.h: Added. - (JSC): - (DFG): - (MarkedAllocator): - (JSC::MarkedAllocator::cellSize): - (JSC::MarkedAllocator::heap): - (JSC::MarkedAllocator::setHeap): - (JSC::MarkedAllocator::setCellSize): - (JSC::MarkedAllocator::setMarkedSpace): - (JSC::MarkedAllocator::MarkedAllocator): - (JSC::MarkedAllocator::allocate): - (JSC::MarkedAllocator::reset): - (JSC::MarkedAllocator::zapFreeList): - (JSC::MarkedAllocator::forEachBlock): - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::MarkedSpace): - (JSC::MarkedSpace::resetAllocators): - (JSC::MarkedSpace::canonicalizeCellLivenessData): - (JSC::TakeIfUnmarked::operator()): - * heap/MarkedSpace.h: - (MarkedSpace): - (JSC::MarkedSpace::allocatorFor): - (JSC::MarkedSpace::allocate): - (JSC::MarkedSpace::forEachBlock): - (JSC::MarkedSpace::didAddBlock): - (JSC::MarkedSpace::didConsumeFreeList): - * jit/JITInlineMethods.h: - (JSC::JIT::emitAllocateBasicJSObject): - -2012-02-03 Simon Hausmann - - [Qt] Replace GNU linker script for exports with export macros in WTF/JSC - https://bugs.webkit.org/show_bug.cgi?id=77723 - - Reviewed by Tor Arne Vestbø. - - * wtf/Platform.h: Enable use of export macros. - -2012-02-02 Hajime Morrita - - Unreviewed, removing an unnecessarily JS_PRIVATE_EXPORT annotation. - - * interpreter/Interpreter.h: - (Interpreter): - -2012-01-31 Hajime Morrita - - [Mac] eliminate JavaScriptCore.exp - https://bugs.webkit.org/show_bug.cgi?id=72854 - - Reviewed by Darin Adler. - - - Removed exp files and corresponding makefile entries. - - Changed the build configuration no to use exp file. - - * Configurations/JavaScriptCore.xcconfig: - * DerivedSources.make: - * JavaScriptCore.JSVALUE32_64only.exp: Removed. - * JavaScriptCore.JSVALUE64only.exp: Removed. - * JavaScriptCore.exp: Removed. - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/Platform.h: - -2012-02-02 Benjamin Poulain - - Running a Web Worker on about:blank crashes the interpreter - https://bugs.webkit.org/show_bug.cgi?id=77593 - - Reviewed by Michael Saboff. - - The method Interpreter::execute() was crashing on empty programs because - the assumption is made the source is not null. - - This patch shortcut the execution when the String is null to avoid invalid - memory access. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - -2012-02-02 Kalev Lember - - [GTK] Use win32 native threading - https://bugs.webkit.org/show_bug.cgi?id=77676 - - Reviewed by Martin Robinson. - - r97269 switched from glib threading to pthreads, breaking win32 GTK+. - This is a follow up, removing some leftovers in ThreadSpecific.h and - switching win32 to use the native threading in ThreadingWin.cpp. - - * GNUmakefile.list.am: Compile in win32 native threading support - * wtf/ThreadSpecific.h: Remove GTK+-specific definitions - (ThreadSpecific): - (WTF::::destroy): - -2012-02-02 Filip Pizlo - - retrieveCallerFromVMCode should call trueCallerFrame - https://bugs.webkit.org/show_bug.cgi?id=77684 - - Reviewed by Oliver Hunt. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::retrieveCallerFromVMCode): - -2012-02-02 Kalev Lember - - [GTK] Implement current executable path finding for win32 - https://bugs.webkit.org/show_bug.cgi?id=77677 - - Reviewed by Martin Robinson. - - The WTF helper for getting the binary path that was added in r101710 - left out the win32 implementation. Fix this. - - * wtf/gobject/GlibUtilities.cpp: - (getCurrentExecutablePath): - -2012-02-02 Filip Pizlo - - Throwing away bytecode and then reparsing during DFG optimization is just - plain wrong and makes things crash - https://bugs.webkit.org/show_bug.cgi?id=77680 - - - Reviewed by Oliver Hunt. - - This is the minimal surgical fix: it removes the code that triggered bytecode - throw-away. Once we're confident that this is a good idea, we can kill all of - the code that implements the feature. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::discardBytecodeLater): - (JSC::CodeBlock::addValueProfile): - * jit/JITDriver.h: - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - -2012-02-02 Filip Pizlo - - Release build debugging should be easier - https://bugs.webkit.org/show_bug.cgi?id=77669 - - Reviewed by Gavin Barraclough. - - * assembler/ARMAssembler.h: - (ARMAssembler): - (JSC::ARMAssembler::debugOffset): - * assembler/ARMv7Assembler.h: - (ARMv7Assembler): - (JSC::ARMv7Assembler::debugOffset): - (ARMInstructionFormatter): - (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset): - * assembler/AbstractMacroAssembler.h: - (AbstractMacroAssembler): - (JSC::AbstractMacroAssembler::debugOffset): - * assembler/AssemblerBuffer.h: - (AssemblerBuffer): - (JSC::AssemblerBuffer::debugOffset): - * assembler/LinkBuffer.h: - (LinkBuffer): - (JSC::LinkBuffer::debugSize): - * assembler/MIPSAssembler.h: - (MIPSAssembler): - (JSC::MIPSAssembler::debugOffset): - * assembler/X86Assembler.h: - (X86Assembler): - (JSC::X86Assembler::debugOffset): - (X86InstructionFormatter): - (JSC::X86Assembler::X86InstructionFormatter::debugOffset): - * bytecode/CodeBlock.cpp: - (JSC): - * bytecode/CodeBlock.h: - (CodeBlock): - * bytecode/CodeOrigin.h: - (CodeOrigin): - (JSC): - (JSC::CodeOrigin::inlineStack): - * bytecode/DFGExitProfile.h: - (JSC::DFG::exitKindToString): - * bytecode/DataFormat.h: - (JSC::dataFormatToString): - * bytecode/PredictedType.cpp: - (JSC): - (JSC::predictionToString): - * bytecode/PredictedType.h: - (JSC): - * bytecode/ValueRecovery.h: - (ValueRecovery): - (JSC::ValueRecovery::dump): - * bytecompiler/BytecodeGenerator.cpp: - (JSC): - (JSC::BytecodeGenerator::setDumpsGeneratedCode): - (JSC::BytecodeGenerator::dumpsGeneratedCode): - (JSC::BytecodeGenerator::generate): - * dfg/DFGAbstractValue.h: - (StructureAbstractValue): - (JSC::DFG::StructureAbstractValue::dump): - (AbstractValue): - (JSC::DFG::AbstractValue::dump): - * dfg/DFGAssemblyHelpers.h: - (DFG): - (AssemblyHelpers): - (JSC::DFG::AssemblyHelpers::debugCall): - * dfg/DFGFPRInfo.h: - (FPRInfo): - (JSC::DFG::FPRInfo::debugName): - * dfg/DFGGPRInfo.h: - (GPRInfo): - (JSC::DFG::GPRInfo::debugName): - * dfg/DFGGraph.cpp: - (DFG): - * dfg/DFGGraph.h: - (Graph): - * dfg/DFGNode.h: - (DFG): - (JSC::DFG::arithNodeFlagsAsString): - (Node): - (JSC::DFG::Node::hasIdentifier): - (JSC::DFG::Node::dumpChildren): - * dfg/DFGOSRExit.cpp: - (DFG): - (JSC::DFG::OSRExit::dump): - * dfg/DFGOSRExit.h: - (OSRExit): - * runtime/JSValue.cpp: - (JSC): - (JSC::JSValue::description): - * runtime/JSValue.h: - (JSValue): - * wtf/BitVector.cpp: - (WTF): - (WTF::BitVector::dump): - * wtf/BitVector.h: - (BitVector): - -2012-02-02 Oliver Hunt - - Getters and setters cause line numbers in errors/console.log to be offset for the whole file - https://bugs.webkit.org/show_bug.cgi?id=77675 - - Reviewed by Timothy Hatcher. - - Our default literal parsing logic doesn't handle the extra work required for - getters and setters. When it encounters one, it rolls back the lexer and - then switches to a more complete parsing function. Unfortunately it was only - winding back the character position, and was ignoring the line number and - other lexer data. This led to every getter and setter causing the line number - to be incorrectly incremented leading to increasingly incorrect numbers for - the rest of the file. - - * parser/Parser.cpp: - (JSC::::parseObjectLiteral): - -2012-02-02 Andy Wingo - - Fix type punning warning in HashTable.h debug builds - https://bugs.webkit.org/show_bug.cgi?id=77422 - - Reviewed by Gavin Barraclough. - - * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning - warning appearing in debug builds with gcc-4.6.2 on GNU/Linux. - -2012-02-01 Michael Saboff - - Yarr crash with regexp replace - https://bugs.webkit.org/show_bug.cgi?id=67454 - - Reviewed by Gavin Barraclough. - - Properly handle the case of a back reference to an unmatched - subpattern by always matching without consuming any characters. - - * yarr/YarrInterpreter.cpp: - (JSC::Yarr::Interpreter::matchBackReference): - (JSC::Yarr::Interpreter::backtrackBackReference): - -2012-02-01 Gavin Barraclough - - calling function on catch block scope containing an eval result in wrong this value being passed - https://bugs.webkit.org/show_bug.cgi?id=77581 - - Reviewed by Oliver Hunt. - - javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); } - - * bytecompiler/NodesCodegen.cpp: - (JSC::TryNode::emitBytecode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - * parser/ASTBuilder.h: - (JSC::ASTBuilder::createTryStatement): - * parser/NodeConstructors.h: - (JSC::TryNode::TryNode): - * parser/Nodes.h: - (TryNode): - * parser/Parser.cpp: - (JSC::::parseTryStatement): - * parser/SyntaxChecker.h: - (JSC::SyntaxChecker::createTryStatement): - * runtime/JSObject.h: - (JSObject): - (JSC::JSObject::isStaticScopeObject): - (JSC): - -2012-02-01 Oliver Hunt - - Add support for inferred function names - https://bugs.webkit.org/show_bug.cgi?id=77579 - - Reviewed by Gavin Barraclough. - - Add new "inferred" names to function expressions, getters, and setters. - This property is not exposed to JS, so is only visible in the debugger - and profiler. - - * JavaScriptCore.exp: - * bytecompiler/BytecodeGenerator.h: - (JSC::BytecodeGenerator::makeFunction): - * debugger/DebuggerCallFrame.cpp: - (JSC::DebuggerCallFrame::calculatedFunctionName): - * parser/ASTBuilder.h: - (JSC::ASTBuilder::createAssignResolve): - (JSC::ASTBuilder::createGetterOrSetterProperty): - (JSC::ASTBuilder::createProperty): - (JSC::ASTBuilder::makeAssignNode): - * parser/Nodes.h: - (JSC::FunctionBodyNode::setInferredName): - (JSC::FunctionBodyNode::inferredName): - (FunctionBodyNode): - * profiler/Profiler.cpp: - (JSC): - (JSC::Profiler::createCallIdentifier): - (JSC::createCallIdentifierFromFunctionImp): - * runtime/Executable.cpp: - (JSC::FunctionExecutable::FunctionExecutable): - (JSC::FunctionExecutable::fromGlobalCode): - * runtime/Executable.h: - (JSC::FunctionExecutable::create): - (JSC::FunctionExecutable::inferredName): - (FunctionExecutable): - * runtime/JSFunction.cpp: - (JSC::JSFunction::calculatedDisplayName): - (JSC): - (JSC::getCalculatedDisplayName): - * runtime/JSFunction.h: - (JSC): - -2012-02-01 Filip Pizlo - - DFG should fold double-to-int conversions - https://bugs.webkit.org/show_bug.cgi?id=77532 - - Reviewed by Oliver Hunt. - - Performance neutral on major benchmarks. But it makes calling V8's - Math.random() 4x faster. - - * bytecode/CodeBlock.cpp: - (JSC): - (JSC::CodeBlock::addOrFindConstant): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::addConstant): - (CodeBlock): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::toInt32): - (ByteCodeParser): - (JSC::DFG::ByteCodeParser::getJSConstantForValue): - (JSC::DFG::ByteCodeParser::isInt32Constant): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::addShouldSpeculateInteger): - (Graph): - (JSC::DFG::Graph::addImmediateShouldSpeculateInteger): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::doRoundOfDoubleVoting): - (JSC::DFG::Propagator::fixupNode): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileAdd): - (DFG): - (JSC::DFG::SpeculativeJIT::compileArithSub): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32): - (SpeculativeJIT): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/JSValueInlineMethods.h: - (JSC::JSValue::asDouble): - -2012-02-01 Filip Pizlo - - DFG graph dump for GetScopedVar should show the correct prediction - https://bugs.webkit.org/show_bug.cgi?id=77530 - - Reviewed by Geoff Garen. - - GetScopedVar has a heap prediction, not a variable prediction. But it does - have a variable. Hence we need to check for heap predictions before checking - for variable predictions. - - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - -2012-02-01 Mark Hahnenberg - - Replace JSArray destructor with finalizer - https://bugs.webkit.org/show_bug.cgi?id=77488 - - Reviewed by Geoffrey Garen. - - * JavaScriptCore.exp: - * runtime/JSArray.cpp: - (JSC::JSArray::finalize): Added finalizer. - (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps. - (JSC): - (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps. - (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode - because the old name was confusing because we could have a sparse array that never - called enterSparseMode. - (JSC::JSArray::defineOwnNumericProperty): - (JSC::JSArray::setLengthWritable): - (JSC::JSArray::putByIndexBeyondVectorLength): - (JSC::JSArray::setLength): - (JSC::JSArray::pop): - (JSC::JSArray::sort): - (JSC::JSArray::compactForSorting): - * runtime/JSArray.h: - (JSArray): - -2012-02-01 Andy Wingo - - Refactor identifier resolution in BytecodeGenerator - https://bugs.webkit.org/show_bug.cgi?id=76285 - - Reviewed by Geoffrey Garen. - - * bytecompiler/BytecodeGenerator.h: - (JSC::ResolveResult): New class, to describe the storage - location corresponding to an identifier in a program. - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::resolve): New function, replacing - findScopedProperty. - (JSC::BytecodeGenerator::resolveConstDecl): New function, - encapsulating what ConstDeclNode::emitBytecode used to do. - (JSC::BytecodeGenerator::emitGetStaticVar): - (JSC::BytecodeGenerator::emitPutStaticVar): New functions, - corresponding to the old emitGetScopedVar and emitPutScopedVar. - (JSC::BytecodeGenerator::registerFor): Remove version that took an - Identifier&; replaced by ResolveResult::local(). - (JSC::BytecodeGenerator::emitResolve): - (JSC::BytecodeGenerator::emitResolveBase): - (JSC::BytecodeGenerator::emitResolveBaseForPut): - (JSC::BytecodeGenerator::emitResolveWithBase): - (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a - "resolveResult" argument. This is more clear, and reduces the - amount of double analysis happening at compile-time. - * bytecompiler/NodesCodegen.cpp: - (JSC::ResolveNode::emitBytecode): - (JSC::EvalFunctionCallNode::emitBytecode): - (JSC::FunctionCallResolveNode::emitBytecode): - (JSC::PostfixResolveNode::emitBytecode): - (JSC::DeleteResolveNode::emitBytecode): - (JSC::TypeOfResolveNode::emitBytecode): - (JSC::PrefixResolveNode::emitBytecode): - (JSC::ReadModifyResolveNode::emitBytecode): - (JSC::AssignResolveNode::emitBytecode): - (JSC::ConstDeclNode::emitCodeSingle): - (JSC::ForInNode::emitBytecode): Refactor to use the new - ResolveResult structure. - -2012-02-01 Csaba Osztrogonác - - Implement Error.stack - https://bugs.webkit.org/show_bug.cgi?id=66994 - - Unreviewed, rolling out r106407. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * interpreter/AbstractPC.cpp: - (JSC::AbstractPC::AbstractPC): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::throwException): - * interpreter/Interpreter.h: - (JSC): - (Interpreter): - * jsc.cpp: - (GlobalObject::finishCreation): - * parser/Parser.h: - (JSC::::parse): - * runtime/CommonIdentifiers.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/Error.h: - (JSC): - -2012-01-31 Hajime Morrita - - Add missing JS_PRIVATE_EXPORTs - https://bugs.webkit.org/show_bug.cgi?id=77507 - - Reviewed by Kevin Ollivier. - - * heap/MarkedSpace.h: - (MarkedSpace): - * interpreter/Interpreter.h: - (Interpreter): - * runtime/JSValue.h: - (JSValue): - * wtf/text/AtomicString.h: - (WTF::AtomicString::add): - * wtf/text/WTFString.h: - (WTF): - -2012-01-31 Geoffrey Garen - - Stop using -fomit-frame-pointer - https://bugs.webkit.org/show_bug.cgi?id=77403 - - Reviewed by Filip Pizlo. - - JavaScriptCore is too fast. I'm just the man to fix it. - - * Configurations/JavaScriptCore.xcconfig: - -2012-01-31 Michael Saboff - - StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase - https://bugs.webkit.org/show_bug.cgi?id=76647 - - Reviewed by Darin Adler. - - Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manor similar - to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle to special - cases. One case is s-sharp (0xdf) which converts to "SS". The other case is - for characters which become 16 bit values when converted to upper case. For - those, we up convert the the source string and use the 16 bit path. - - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncToUpperCase): - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::upper): - * wtf/unicode/CharacterNames.h: - (smallLetterSharpS): New constant - -2012-01-31 Oliver Hunt - - Remove unneeded sourceId property - https://bugs.webkit.org/show_bug.cgi?id=77495 - - Reviewed by Filip Pizlo. - - sourceId isn't used anymore, so we'll just remove it. - - * runtime/Error.cpp: - (JSC): - (JSC::addErrorInfo): - (JSC::hasErrorInfo): - -2012-01-31 Oliver Hunt - - Implement Error.stack - https://bugs.webkit.org/show_bug.cgi?id=66994 - - Reviewed by Gavin Barraclough. - - Original patch by Juan Carlos Montemayor Elosua: - This patch utilizes topCallFrame to create a stack trace when - an error is thrown. Users will also be able to use the stack() - command in jsc to get arrays with stack trace information. - - Modified to be correct on ToT, with a variety of correctness, - performance, and security improvements. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * interpreter/Interpreter.cpp: - (JSC::getCallerLine): - (JSC::getSourceURLFromCallFrame): - (JSC::getStackFrameCodeType): - (JSC::Interpreter::getStackTrace): - (JSC::Interpreter::throwException): - * interpreter/Interpreter.h: - (JSC::StackFrame::toString): - * jsc.cpp: - (GlobalObject::finishCreation): - (functionJSCStack): - * parser/Parser.h: - (JSC::Parser::parse): - * runtime/CommonIdentifiers.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/Error.h: - -2012-01-31 Scott Graham - - [Chromium] Remove references to gyp cygwin build target - https://bugs.webkit.org/show_bug.cgi?id=77253 - - Reviewed by Julien Chaffraix. - - Target dependency is no longer required, it's done earlier in the - build process. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - -2012-01-31 Michael Saboff - - ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor - https://bugs.webkit.org/show_bug.cgi?id=77443 - - Reviewed by Gavin Barraclough. - - Removed failing ASSERT() and thus destructor. The ASSERT isn't needed. - We are hitting it in the YARR JIT case where we bail out and go to the - interpreter with a partially JIT'ed function. Since we haven't linked - the JIT'ed code, there is likely to be some unresolved jumps in the vector - when the ARMv7Assembler destructor is called. For the case where we - complete the JIT process, we clear the vector at the end of - LinkBuffer::linkCode (LinkBuffer.h:292). - - * assembler/ARMv7Assembler.h: - (ARMv7Assembler): - -2012-01-31 Anders Carlsson - - Vector::operator== shouldn't require T to have operator!= - https://bugs.webkit.org/show_bug.cgi?id=77448 - - Reviewed by Andreas Kling. - - Change VectorComparer::compare to use !(a == b) instead of a != b since - it makes more sense for Vector::operator== to use the element's operator==. - - * wtf/Vector.h: - -2012-01-30 Oliver Hunt - - get_by_val_arguments is broken in the interpreter - https://bugs.webkit.org/show_bug.cgi?id=77389 - - Reviewed by Gavin Barraclough. - - When get_by_val had wad a value profile added, the same slot was not added to - get_by_val_arguments. This broke the interpreter as the interpreter falls - back on its regular get_by_val implementation. - - No tests are added as the interpreter is fairly broken in its - current state (multiple tests fail due to this bug). - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - * bytecode/Opcode.h: - (JSC): - (): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitGetArgumentByVal): - -2012-01-30 Oliver Hunt - - Unexpected syntax error - https://bugs.webkit.org/show_bug.cgi?id=77340 - - Reviewed by Gavin Barraclough. - - Function calls and new expressions have the same semantics for - assignment, so should simply share their lhs handling. - - * parser/Parser.cpp: - (JSC::::parseMemberExpression): - -2012-01-30 Gavin Barraclough - - Unreviewed ARMv7 build fix. - - * tools/CodeProfiling.cpp: - (JSC): - (JSC::setProfileTimer): - (JSC::CodeProfiling::begin): - (JSC::CodeProfiling::end): - -2012-01-30 David Levin - - Using OS(WIN) or OS(MAC) should cause a build error. - https://bugs.webkit.org/show_bug.cgi?id=77162 - - Reviewed by Darin Adler. - - * wtf/Platform.h: Expand them into something that will - cause a compile error. - -2012-01-30 Yong Li - - [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM - https://bugs.webkit.org/show_bug.cgi?id=77360 - - Reviewed by Rob Buis. - - Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM) - for OS(QNX). - - * wtf/Platform.h: - -2012-01-30 Gavin Barraclough - - Speculative Windows build fix. - - * assembler/MacroAssemblerCodeRef.h: - (FunctionPtr): - -2012-01-30 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=77163 - MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS) - - Rubber stamped by Geoff Garen - - * assembler/MacroAssemblerCodeRef.h: - -2012-01-30 Gavin Barraclough - - Unreviewed build fix for interpreter builds. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::CodeBlock): - * bytecode/CodeBlock.h: - (CodeBlock): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * tools/CodeProfile.cpp: - (JSC::CodeProfile::sample): - -2012-01-30 Gavin Barraclough - - Unreviewed build fix following bug#76855 - - * JavaScriptCore.exp: - -2012-01-30 Michael Saboff - - CaseFoldingHash::hash() doesn't handle 8 bit strings directly - https://bugs.webkit.org/show_bug.cgi?id=76652 - - Reviewed by Andreas Kling. - - * wtf/text/StringHash.h: - (WTF::CaseFoldingHash::hash): Added 8 bit string code path. - -2012-01-30 Michael Saboff - - stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement - https://bugs.webkit.org/show_bug.cgi?id=76651 - - Reviewed by Geoffrey Garen. - - Made local function substituteBackreferencesSlow a template function - based on character width. Cleaned up getCharacters() in both UString - and StringImpl. Changed getCharacters to up convert an 8 bit - string to 16 bits if necessary. - - * runtime/StringPrototype.cpp: - (JSC::substituteBackreferencesSlow): - (JSC::substituteBackreferences): - * runtime/UString.h: - (JSC::LChar): - (JSC::UChar): - * wtf/text/StringImpl.h: - (WTF::UChar): - -2012-01-30 Gavin Barraclough - - Clean up putDirect - https://bugs.webkit.org/show_bug.cgi?id=76232 - - Reviewed by Sam Weinig. - - Part 3 - merge op_put_getter & op_put_setter. - - Putting these separately is inefficient (and makes future optimiation, - e.g. making GetterSetter immutable) harder. Change to emit a single - op_put_getter_setter bytecode op. Ultimately we should probably be - able to merge this with put direct, to create a common op to initialize - object literal properties. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::dump): - * bytecode/Opcode.h: - (JSC): - (): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitPutGetterSetter): - * bytecompiler/BytecodeGenerator.h: - (BytecodeGenerator): - * bytecompiler/NodesCodegen.cpp: - (JSC::PropertyListNode::emitBytecode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JIT.cpp: - (JSC::JIT::privateCompileMainPass): - * jit/JIT.h: - (JIT): - * jit/JITPropertyAccess.cpp: - (JSC::JIT::emit_op_put_getter_setter): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::emit_op_put_getter_setter): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jit/JITStubs.h: - (): - * runtime/JSObject.cpp: - (JSC::JSObject::putDirectVirtual): - (JSC::JSObject::putDirectAccessor): - (JSC): - (JSC::putDescriptor): - (JSC::JSObject::defineOwnProperty): - * runtime/JSObject.h: - (): - (JSC::JSObject::putDirectInternal): - (JSC::JSObject::putDirect): - (JSC::JSObject::putDirectWithoutTransition): - -2012-01-30 Michael Saboff - - Dromaeo tests call parseSimpleLengthValue() on 8 bit strings - https://bugs.webkit.org/show_bug.cgi?id=76649 - - Reviewed by Geoffrey Garen. - - * JavaScriptCore.exp: Added export for charactersToDouble. - -2012-01-30 Michael Saboff - - WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding. - https://bugs.webkit.org/show_bug.cgi?id=76648 - - Reviewed by Geoffrey Garen. - - Added a new overloaded append member that takes a String& argument, an offest - and a length to do direct sub string appending to a StringBuilder. - - * wtf/text/StringBuilder.h: - (WTF::StringBuilder::append): - -2012-01-29 Zoltan Herczeg - - Custom written CSS lexer - https://bugs.webkit.org/show_bug.cgi?id=70107 - - Reviewed by Antti Koivisto and Oliver Hunt. - - Add new helper functions for the custom written CSS lexer. - - * wtf/ASCIICType.h: - (WTF::toASCIILowerUnchecked): - (WTF): - (WTF::isASCIIAlphaCaselessEqual): - -2012-01-29 Filip Pizlo - - REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const - https://bugs.webkit.org/show_bug.cgi?id=77146 - - - Reviewed by Oliver Hunt. - - The old JIT expects that the result of the last operation is in the lastResultRegister. The DFG JIT is - designed to correctly track the lastResultRegister by looking at SetLocal nodes. However, when the DFG - JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the - lastResultRegister. Hence if we OSR exit on the first node following the end of an inlined code block - that had a return value, and that first node uses the return value, the old JIT will get massively - confused. This patch takes a surgical approach: instead of making the DFG smarter, it makes the old - JIT slightly dumber. - - * jit/JITCall.cpp: - (JSC::JIT::emit_op_call_put_result): - -2012-01-29 Filip Pizlo - - Build fix for Mac non-x64 platforms. - - * tools/CodeProfiling.cpp: - (JSC): - -2012-01-28 Gavin Barraclough - - Reserve 'let' - https://bugs.webkit.org/show_bug.cgi?id=77293 - - Rubber stamped by Oliver Hunt. - - 'let' may become a keyword in ES6. We're going to try experimentally reserving it, - to see if this breaks the web. - - * parser/Keywords.table: - -2012-01-27 Gavin Barraclough - - Implement a JIT-code aware sampling profiler for JSC - https://bugs.webkit.org/show_bug.cgi?id=76855 - - Reviewed by Oliver Hunt. - - To enable the profiler, set the JSC_CODE_PROFILING environment variable to - 1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively - trace all samples). - - The profiler requires -fomit-frame-pointer to be removed from the build flags. - - * JavaScriptCore.exp: - - Removed an export. - * JavaScriptCore.xcodeproj/project.pbxproj: - - Added new files - * bytecode/CodeBlock.cpp: - - For baseline codeblocks, cache the result of canCompileWithDFG. - * bytecode/CodeBlock.h: - - For baseline codeblocks, cache the result of canCompileWithDFG. - * jit/ExecutableAllocator.cpp: - (JSC::ExecutableAllocator::initializeAllocator): - - Notify the profiler when the allocator is created. - (JSC::ExecutableAllocator::allocate): - - Inform the allocated of the ownerUID. - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::ExecutableAllocator::initializeAllocator): - - Notify the profiler when the allocator is created. - (JSC::ExecutableAllocator::allocate): - - Inform the allocated of the ownerUID. - * jit/JITStubs.cpp: - - If profiling, don't mask the return address in JIT code. - (We do so to provide nicer backtraces in debug builds). - * runtime/Completion.cpp: - (JSC::evaluate): - - Notify the profiler of script evaluations. - * tools: Added. - * tools/CodeProfile.cpp: Added. - (JSC::symbolName): - - Helper function to get the name of a symbol in the framework. - (JSC::truncateTrace): - - Helper to truncate traces into methods know to have uninformatively deep stacks. - (JSC::CodeProfile::sample): - - Record a stack trace classifying samples. - (JSC::CodeProfile::report): - - {Print profiler output. - * tools/CodeProfile.h: Added. - - new class, captures a set of samples associated with an evaluated script, - and nested to record samples from subscripts. - * tools/CodeProfiling.cpp: Added. - (JSC::CodeProfiling::profilingTimer): - - callback fired then a timer event occurs. - (JSC::CodeProfiling::notifyAllocator): - - called when the executable allocator is constructed. - (JSC::CodeProfiling::getOwnerUIDForPC): - - helper to lookup the codeblock from an address in JIT code - (JSC::CodeProfiling::begin): - - enter a profiling scope. - (JSC::CodeProfiling::end): - - exit a profiling scope. - * tools/CodeProfiling.h: Added. - - new class, instantialed from Completion to define a profiling scope. - * tools/ProfileTreeNode.h: Added. - - new class, used to construct a tree of samples. - * tools/TieredMMapArray.h: Added. - - new class, a malloc-free vector (can be used while the main thread is suspended, - possibly holding the malloc heap lock). - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocatorHandle::MetaAllocatorHandle): - (WTF::MetaAllocator::allocate): - - Allow allocation handles to track information about their owner. - * wtf/MetaAllocator.h: - (MetaAllocator): - - Allow allocation handles to track information about their owner. - * wtf/MetaAllocatorHandle.h: - (MetaAllocatorHandle): - (WTF::MetaAllocatorHandle::ownerUID): - - Allow allocation handles to track information about their owner. - * wtf/OSAllocator.h: - (WTF::OSAllocator::reallocateCommitted): - - reallocate an existing, committed memory allocation. - -2012-01-28 Sheriff Bot - - Unreviewed, rolling out r106187. - http://trac.webkit.org/changeset/106187 - https://bugs.webkit.org/show_bug.cgi?id=77276 - - The last rollout was a false charge. (Requested by morrita on - #webkit). - - * runtime/ExceptionHelpers.h: - (InterruptedExecutionError): - * runtime/JSBoundFunction.h: - (JSBoundFunction): - * runtime/RegExp.h: - (RegExp): - * runtime/RegExpMatchesArray.h: - (RegExpMatchesArray): - -2012-01-28 Sheriff Bot - - Unreviewed, rolling out r106151. - http://trac.webkit.org/changeset/106151 - https://bugs.webkit.org/show_bug.cgi?id=77275 - - may break windows build (Requested by morrita on #webkit). - - * runtime/ExceptionHelpers.h: - (InterruptedExecutionError): - * runtime/JSBoundFunction.h: - (JSBoundFunction): - * runtime/RegExp.h: - (RegExp): - * runtime/RegExpMatchesArray.h: - (RegExpMatchesArray): - -2012-01-28 Filip Pizlo - - GC invoked while doing an old JIT property storage reallocation may lead - to an object that refers to a dead structure - https://bugs.webkit.org/show_bug.cgi?id=77273 - - - Reviewed by Gavin Barraclough. - - The put_by_id transition was already saving the old structure by virtue of - having the object on the stack, so that wasn't going to get deleted. But the - new structure was unprotected in the transition. I've now changed the - transition code to save the new structure, ensuring that the GC will know it - to be marked if invoked from within put_by_id_transition_realloc. - - * jit/JITPropertyAccess.cpp: - (JSC::JIT::privateCompilePutByIdTransition): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::privateCompilePutByIdTransition): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * jit/JITStubs.h: - (JSC): - (): - -2012-01-27 Sheriff Bot - - Unreviewed, rolling out r106167. - http://trac.webkit.org/changeset/106167 - https://bugs.webkit.org/show_bug.cgi?id=77264 - - broke LayoutTests/fast/js/string-capitalization.html - (Requested by msaboff on #webkit). - - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncToLowerCase): - (JSC::stringProtoFuncToUpperCase): - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::upper): - -2012-01-27 Filip Pizlo - - Build fix for interpreter platforms. - - * interpreter/AbstractPC.cpp: - (JSC::AbstractPC::AbstractPC): - -2012-01-27 Michael Saboff - - StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase - https://bugs.webkit.org/show_bug.cgi?id=76647 - - Reviewed by Geoffrey Garen. - - Changed stringProtoFuncToUpperCase to call StringImpl::upper() is a manor similar - to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle the two - 8 bit characters that when converted to upper case become 16 bit characters. - - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace. - (JSC::stringProtoFuncToUpperCase): - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::upper): - -2012-01-27 Hajime Morita - - [JSC] ThunkGenerators.cpp should hide its asm-defined symbols - https://bugs.webkit.org/show_bug.cgi?id=77244 - - Reviewed by Filip Pizlo. - - * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS() - * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp - -2012-01-27 Simon Hausmann - - [JSC] Asm-originated symbols should be marked as hidden - https://bugs.webkit.org/show_bug.cgi?id=77150 - - Reviewed by Filip Pizlo. - - * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches, - but they were missing in the CPU(X86) and the CPU(X86_64) cases. - -2012-01-27 MORITA Hajime - - [JSC] Some JS_EXPORTDATA may not be necessary. - https://bugs.webkit.org/show_bug.cgi?id=77145 - - Reviewed by Darin Adler. - - Removed JS_EXPORTDATA attributes whose attributing symbols are - not exported on Mac port. - - * runtime/ExceptionHelpers.h: - (InterruptedExecutionError): - * runtime/JSBoundFunction.h: - (JSBoundFunction): - * runtime/RegExp.h: - (RegExp): - * runtime/RegExpMatchesArray.h: - (RegExpMatchesArray): - -2012-01-27 MORITA Hajime - - [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs - https://bugs.webkit.org/show_bug.cgi?id=77113 - - Reviewed by Darin Adler. - - * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export. - -2012-01-27 Zeno Albisser - - [Qt][Mac] Build fails after adding ICU support (r105997). - https://bugs.webkit.org/show_bug.cgi?id=77118 - - Use Apple code path for unicode date formats on mac. - - Reviewed by Tor Arne Vestbø. - - * runtime/DatePrototype.cpp: - (): - -2012-01-27 Carlos Garcia Campos - - [GTK] Add a GKeyFile especialization to GOwnPtr - https://bugs.webkit.org/show_bug.cgi?id=77191 - - Reviewed by Martin Robinson. - - * wtf/gobject/GOwnPtr.cpp: - (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile. - * wtf/gobject/GOwnPtr.h: Add GKeyFile template. - * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile. - -2012-01-25 Yury Semikhatsky - - Web Inspector: should be possible to open function declaration from script popover - https://bugs.webkit.org/show_bug.cgi?id=76913 - - Added display function name and source location to the popover in scripts panel. - Now when a function is hovered user can navigate to its definition. - - Reviewed by Pavel Feldman. - - * JavaScriptCore/JavaScriptCore.exp - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * runtime/JSFunction.h: - (JSFunction): - -2012-01-26 Kevin Ollivier - - [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior. - - * runtime/DatePrototype.cpp: - (): - -2012-01-26 Mark Hahnenberg - - Merge AllocationSpace into MarkedSpace - https://bugs.webkit.org/show_bug.cgi?id=77116 - - Reviewed by Geoffrey Garen. - - Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to - MarkedSpace allocation. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.exp: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * heap/AllocationSpace.cpp: Removed. - * heap/AllocationSpace.h: Removed. - * heap/BumpSpace.h: - (BumpSpace): - * heap/Heap.h: - (JSC::Heap::objectSpace): - (Heap): - (): - * heap/HeapBlock.h: - (): - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::tryAllocateHelper): - (JSC): - (JSC::MarkedSpace::tryAllocate): - (JSC::MarkedSpace::allocateSlowCase): - (JSC::MarkedSpace::allocateBlock): - (JSC::MarkedSpace::freeBlocks): - (TakeIfUnmarked): - (JSC::TakeIfUnmarked::TakeIfUnmarked): - (JSC::TakeIfUnmarked::operator()): - (JSC::TakeIfUnmarked::returnValue): - (JSC::MarkedSpace::shrink): - (GatherDirtyCells): - (JSC::GatherDirtyCells::returnValue): - (JSC::GatherDirtyCells::GatherDirtyCells): - (JSC::GatherDirtyCells::operator()): - (JSC::MarkedSpace::gatherDirtyCells): - * heap/MarkedSpace.h: - (MarkedSpace): - (JSC::MarkedSpace::blocks): - (JSC::MarkedSpace::forEachCell): - (JSC): - (JSC::MarkedSpace::allocate): - -2012-01-26 Oliver Hunt - - MSVC bug fix. - MSVC generates bad code for enum compare. - - RS=Geoff - - Make bitfield large enough to work around MSVC's desire to make enums - signed types. - - * bytecode/CallLinkInfo.h: - (CallLinkInfo): - -2012-01-26 Filip Pizlo - - All DFG helpers that may call out to arbitrary JS code must know where they - were called from due to inlining and call stack walking - https://bugs.webkit.org/show_bug.cgi?id=77070 - - - Reviewed by Geoff Garen. - - Changed the DFG to always record a code origin index in the tag of the argument - count (which we previously left blank for the benefit of LLInt, but is still - otherwise unused by the DFG), so that if we ever need to walk the stack accurately - we know where to start. In particular, if the current ExecState* points several - semantic call frames away from the true semantic call frame because we had - performed inlining, having the code origin index recorded means that we can reify - those call frames as necessary to give runtime/library code an accurate view of - the current JS state. - - This required several large but mechanical changes: - - - Calling a function from the DFG now plants a store32 instruction to store the - code origin index. But the indices of code origins were previously picked by - the DFG::JITCompiler after code generation completed. I changed this somewhat; - even though the code origins are put into the CodeBlock after code gen, the - code gen now knows a priori what their indices will be. Extensive assertions - are in place to ensure that the two don't get out of sync, in the form of the - DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls; - those don't need the code origin index set in the call frame because we can get - it by doing a binary search on the return PC. - - - Stack walking now always calls trueCallFrame() first before beginning the walk, - since even the top call frame may be wrong. It still calls trueCallerFrame() as - before to get to the next frame, though trueCallerFrame() is now mostly a - wrapper around callerFrame()->trueCallFrame(). - - - Because the mechanism for getting the code origin of a call frame is bimodal - (either the call frame knows its code origin because the code origin index was - set, or it's necessary to use the callee frame's return PC), I put in extra - mechanisms to determine whether your caller, or your callee, corresponds to - a call out of C++ code. Previously we just had the host call flag, but this is - insufficient as it does not cover the case of someone calling JSC::call(). But - luckily we can determine this just by looking at the return PC: if the return - PC is in range of the ctiTrampiline, then two things are true: this call - frame's PC will tell you nothing about where you came from in your caller, and - the caller already knows where it's at because it must have set the code origin - index (unless it's not DFG code, in which case we don't care because there is - no inlining to worry about). - - - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's - inlining code, so I fixed it. - - - Finally because I was tired of doing random #if's for checking if I should be - passing around an Instruction* or a ReturnAddressPtr, I created a class called - AbstractPC that holds whatever notion of a PC is appropriate for the current - execution environment. It's designed to work gracefully even if both the - interpreter and the JIT are compiled in, and should integrate nicely with the - LLInt. - - This is neutral on all benchmarks and fixes some nasty corner-case regressions of - evil code that uses combinations of getters/setters and function.arguments. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CodeBlock.h: - (JSC::CodeBlock::codeOrigin): - (CodeBlock): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleInlining): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * dfg/DFGJITCompiler.h: - (CallBeginToken): - (JSC::DFG::CallBeginToken::CallBeginToken): - (JSC::DFG::CallBeginToken::assertCodeOriginIndex): - (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex): - (DFG): - (JSC::DFG::CallExceptionRecord::CallExceptionRecord): - (CallExceptionRecord): - (JSC::DFG::JITCompiler::JITCompiler): - (JITCompiler): - (JSC::DFG::JITCompiler::nextCallBeginToken): - (JSC::DFG::JITCompiler::beginCall): - (JSC::DFG::JITCompiler::notifyCall): - (JSC::DFG::JITCompiler::addExceptionCheck): - (JSC::DFG::JITCompiler::addFastExceptionCheck): - * dfg/DFGOperations.cpp: - (): - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryBuildGetByIDList): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * interpreter/AbstractPC.cpp: Added. - (JSC): - (JSC::AbstractPC::AbstractPC): - * interpreter/AbstractPC.h: Added. - (JSC): - (AbstractPC): - (JSC::AbstractPC::AbstractPC): - (JSC::AbstractPC::hasJITReturnAddress): - (JSC::AbstractPC::jitReturnAddress): - (JSC::AbstractPC::hasInterpreterReturnAddress): - (JSC::AbstractPC::interpreterReturnAddress): - (JSC::AbstractPC::isSet): - (JSC::AbstractPC::operator!): - (): - * interpreter/CallFrame.cpp: - (JSC): - (JSC::CallFrame::trueCallFrame): - (JSC::CallFrame::trueCallerFrame): - * interpreter/CallFrame.h: - (JSC::ExecState::abstractReturnPC): - (JSC::ExecState::codeOriginIndexForDFGWithInlining): - (ExecState): - (JSC::ExecState::trueCallFrame): - (JSC::ExecState::trueCallFrameFromVMCode): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::retrieveArgumentsFromVMCode): - (JSC::Interpreter::retrieveCallerFromVMCode): - (JSC::Interpreter::findFunctionCallFrameFromVMCode): - * interpreter/Interpreter.h: - (Interpreter): - (): - * jit/JITStubs.cpp: - (JSC): - (): - * jit/JITStubs.h: - (JSC): - (JSC::returnAddressIsInCtiTrampoline): - * runtime/JSFunction.cpp: - (JSC::JSFunction::argumentsGetter): - (JSC::JSFunction::callerGetter): - (JSC::JSFunction::getOwnPropertyDescriptor): - -2012-01-26 Peter Varga - - Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG - https://bugs.webkit.org/show_bug.cgi?id=77104 - - Reviewed by Filip Pizlo. - - * dfg/DFGOperations.cpp: - (): - -2012-01-26 Michael Saboff - - String::latin1() should take advantage of 8 bit strings - https://bugs.webkit.org/show_bug.cgi?id=76646 - - Reviewed by Geoffrey Garen. - - * wtf/text/WTFString.cpp: - (WTF::String::latin1): For 8 bit strings, use existing buffer - without conversion. - -2012-01-26 Michael Saboff - - Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions - https://bugs.webkit.org/show_bug.cgi?id=76645 - - Reviewed by Geoffrey Garen. - - * wtf/text/StringImpl.cpp: - (WTF::equalIgnoringCase): New LChar version. - (WTF::findInner): New helper function. - (WTF::StringImpl::find): Added 8 bit path. - (WTF::reverseFindInner): New helper funciton. - (WTF::StringImpl::reverseFind): Added 8 bit path. - (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path. - * wtf/text/StringImpl.h: - (WTF): - -2012-01-26 Csaba Osztrogonác - - [Qt][Win] One more speculative buildfix after r105970. - - * JavaScriptCore.pri: - -2012-01-26 Csaba Osztrogonác - - [Qt][Win] Speculative buildfix after r105970. - - * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC(). - -2012-01-26 Sheriff Bot - - Unreviewed, rolling out r105982. - http://trac.webkit.org/changeset/105982 - https://bugs.webkit.org/show_bug.cgi?id=77090 - - breaks the world (Requested by WildFox on #webkit). - - * wtf/MainThread.cpp: - (WTF): - * wtf/Platform.h: - * wtf/mac/MainThreadMac.mm: - (WTF): - (WTF::registerGCThread): - (WTF::isMainThreadOrGCThread): - -2012-01-26 Roland Takacs - - [Qt] GC should be parallel on Qt platform - https://bugs.webkit.org/show_bug.cgi?id=73309 - - Reviewed by Zoltan Herczeg. - - These changes made the parallel gc feature available for Qt port. - The implementation of "registerGCThread" and "isMainThreadOrGCThread" - is moved from MainThreadMac.mm to the common MainThread.cpp to make - them available for other platforms. - - Measurement results: - V8 speed-up: 1.071x as fast [From: 746.1ms To: 696.4ms ] - WindScorpion speed-up: 1.082x as fast [From: 3490.4ms To: 3226.7ms] - V8 Splay speed-up: 1.158x as fast [From: 145.8ms To: 125.9ms ] - - Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core. - - * wtf/MainThread.cpp: - (WTF): - (WTF::registerGCThread): - (WTF::isMainThreadOrGCThread): - * wtf/Platform.h: - * wtf/mac/MainThreadMac.mm: - -2012-01-26 Andy Estes - - REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types - https://bugs.webkit.org/show_bug.cgi?id=77073 - - Reviewed by Ryosuke Niwa. - - r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined. - This should have been changed to OS(WINDOWS). This causes the - preprocessor to strip out Win32 data type overrides for deleteOwnedPtr, - causing allocations made by Win32 to be deleted by fastmalloc. - - * wtf/OwnPtrCommon.h: - (WTF): Use OS(WINDOWS) instead of OS(WIN). - -2012-01-25 Mark Rowe - - Attempted Mac build fix after r105939. - - * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS. - It isn't used on these platforms and isn't available in the ICU headers - for Mac. - -2012-01-25 Mark Rowe - - Build in to an alternate location when USE_STAGING_INSTALL_PATH is set. - - Adopt USE_STAGING_INSTALL_PATH - - Reviewed by David Kilzer. - - * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains - the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR - to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set. - * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on - the normal framework location. This prevents an incorrect install name from being used when - installing in to the staged frameworks directory. - -2012-01-25 Eli Fidler - - Implement Date.toLocaleString() using ICU - https://bugs.webkit.org/show_bug.cgi?id=76714 - - Reviewed by Darin Adler. - - * runtime/DatePrototype.cpp: - (JSC::formatLocaleDate): - -2012-01-25 Hajime Morita - - ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom - https://bugs.webkit.org/show_bug.cgi?id=76863 - - Reviewed by Dimitri Glazkov. - - Added a feature flag. - - * Configurations/FeatureDefines.xcconfig: - -2012-01-25 Yong Li - - [BlackBerry] Implement OSAllocator::commit/decommit. - BlackBerry port should support virtual memory decommiting. - https://bugs.webkit.org/show_bug.cgi?id=77013 - - Reviewed by Rob Buis. - - * wtf/OSAllocatorPosix.cpp: - (WTF::OSAllocator::reserveUncommitted): - (WTF::OSAllocator::commit): - (WTF::OSAllocator::decommit): - * wtf/Platform.h: - -2012-01-24 Oliver Hunt - - Make DFG update topCallFrame - https://bugs.webkit.org/show_bug.cgi?id=76969 - - Reviewed by Filip Pizlo. - - Add NativeCallFrameTracer to manage topCallFrame assignment - in the DFG operations, and make use of it. - - * dfg/DFGOperations.cpp: - (JSC::DFG::operationPutByValInternal): - (): - * interpreter/Interpreter.h: - (JSC): - (NativeCallFrameTracer): - (JSC::NativeCallFrameTracer::NativeCallFrameTracer): - -2012-01-24 Filip Pizlo - - Inlining breaks call frame walking when the walking is done from outside the inlinee, - but inside a code block that had inlining - https://bugs.webkit.org/show_bug.cgi?id=76978 - - - Reviewed by Oliver Hunt. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::codeOriginForReturn): - * interpreter/CallFrame.cpp: - (JSC::CallFrame::trueCallerFrame): - -2012-01-24 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=76855 - Implement a JIT-code aware sampling profiler for JSC - - Reviewed by Oliver Hunt. - - Add support to MetaAllocator.cpp to track all live handles in a map, - allowing lookup based on any address within the allocation. - - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocatorTracker::notify): - (WTF::MetaAllocatorTracker::release): - - Track live handle objects in a map. - (WTF::MetaAllocator::release): - - Removed support for handles with null m_allocator (no longer used). - - Notify the tracker of handles being released. - (WTF::MetaAllocatorHandle::~MetaAllocatorHandle): - - Moved functionality out into MetaAllocator::release. - (WTF::MetaAllocatorHandle::shrink): - - Removed support for handles with null m_allocator (no longer used). - (WTF::MetaAllocator::MetaAllocator): - - Initialize m_tracker. - (WTF::MetaAllocator::allocate): - - Notify the tracker of new allocations. - * wtf/MetaAllocator.h: - (WTF::MetaAllocatorTracker::find): - - Lookup a MetaAllocatorHandle based on an address inside the allocation. - (WTF::MetaAllocator::trackAllocations): - - Register a callback object to track allocation state. - * wtf/MetaAllocatorHandle.h: - - Remove unused createSelfManagedHandle/constructor. - (WTF::MetaAllocatorHandle::key): - - Added, for use in RedBlackTree. - -2012-01-24 Mark Hahnenberg - - Use copying collector for out-of-line JSObject property storage - https://bugs.webkit.org/show_bug.cgi?id=76665 - - Reviewed by Geoffrey Garen. - - * runtime/JSObject.cpp: - (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line. - Also added a temporary variable to avoid warnings from GCC. - (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to - operator new. Also added a temporary variable to avoid warnings from GCC. - * runtime/JSObject.h: - -2012-01-24 Geoffrey Garen - - JSValue::toString() should return a JSString* instead of a UString - https://bugs.webkit.org/show_bug.cgi?id=76861 - - Fixed two failing layout tests after my last patch. - - Reviewed by Gavin Barraclough. - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncSort): Call value() after calling toString(), as - in all other cases. - - I missed this case because the JSString* type has a valid operator<, - so the compiler didn't complain. - -2012-01-24 Kenichi Ishibashi - - [V8] Add Uint8ClampedArray support - https://bugs.webkit.org/show_bug.cgi?id=76803 - - Reviewed by Kenneth Russell. - - * wtf/ArrayBufferView.h: - (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added. - * wtf/Uint8ClampedArray.h: - (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true. - -2012-01-23 Carlos Garcia Campos - - [GTK] Add WebKitDownload to WebKit2 GTK+ API - https://bugs.webkit.org/show_bug.cgi?id=72949 - - Reviewed by Martin Robinson. - - * wtf/gobject/GOwnPtr.cpp: - (WTF::GTimer): Use g_timer_destroy() to free a GTimer. - * wtf/gobject/GOwnPtr.h: Add GTimer template. - * wtf/gobject/GTypedefs.h: Add GTimer forward declaration. - -2012-01-24 Ilya Tikhonovsky - - Unreviewed build fix for Qt LinuxSH4 build after r105698. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - -2012-01-23 Geoffrey Garen - - JSValue::toString() should return a JSString* instead of a UString - https://bugs.webkit.org/show_bug.cgi?id=76861 - - Reviewed by Gavin Barraclough. - - This makes the common case -- toString() on a string -- faster and - inline-able. (Not a measureable speedup, but we can now remove a bunch - of duplicate hand-rolled code for this optimization.) - - This also clarifies the boundary between "C++ strings" and "JS strings". - - In all cases other than true, false, null, undefined, and multi-digit - numbers, the JS runtime was just retrieving a UString from a JSString, - so returning a JSString* is strictly better. In the other cases, we can - optimize to avoid creating a new JSString if we care to, but it doesn't - seem to be a big deal. - - * JavaScriptCore.exp: Export! - - * jsc.cpp: - (functionPrint): - (functionDebug): - (functionRun): - (functionLoad): - (functionCheckSyntax): - (runWithScripts): - (runInteractive): - * API/JSValueRef.cpp: - (JSValueToStringCopy): - * bytecode/CodeBlock.cpp: - (JSC::valueToSourceString): Call value() after calling toString(), to - convert from "JS string" (JSString*) to "C++ string" (UString), since - toString() no longer returns a "C++ string". - - * dfg/DFGOperations.cpp: - (JSC::DFG::operationValueAddNotNumber): - * jit/JITStubs.cpp: - (op_add): Updated for removal of toPrimitiveString(): - all '+' operands can use toString(), except for object operands, which - need to take a slow path to call toPrimitive(). - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncToString): - (JSC::arrayProtoFuncToLocaleString): - (JSC::arrayProtoFuncJoin): - (JSC::arrayProtoFuncPush): - * runtime/CommonSlowPaths.h: - (JSC::CommonSlowPaths::opIn): - * runtime/DateConstructor.cpp: - (JSC::dateParse): - * runtime/DatePrototype.cpp: - (JSC::formatLocaleDate): Call value() after calling toString(), as above. - - * runtime/ErrorInstance.h: - (JSC::ErrorInstance::create): Simplified down to one canonical create() - function, to make string handling easier. - - * runtime/ErrorPrototype.cpp: - (JSC::errorProtoFuncToString): - * runtime/ExceptionHelpers.cpp: - (JSC::createInvalidParamError): - (JSC::createNotAConstructorError): - (JSC::createNotAFunctionError): - (JSC::createNotAnObjectError): - * runtime/FunctionConstructor.cpp: - (JSC::constructFunctionSkippingEvalEnabledCheck): - * runtime/FunctionPrototype.cpp: - (JSC::functionProtoFuncBind): - * runtime/JSArray.cpp: - (JSC::JSArray::sort): Call value() after calling toString(), as above. - - * runtime/JSCell.cpp: - * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this - job now. Doing it in JSCell is slower (requires extra type checking), and - creates the misimpression that language-defined toString() behavior is - an implementation detail of JSCell. - - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::encode): - (JSC::decode): - (JSC::globalFuncEval): - (JSC::globalFuncParseInt): - (JSC::globalFuncParseFloat): - (JSC::globalFuncEscape): - (JSC::globalFuncUnescape): Call value() after calling toString(), as above. - - * runtime/JSONObject.cpp: - (JSC::unwrapBoxedPrimitive): - (JSC::Stringifier::Stringifier): - (JSC::JSONProtoFuncParse): Removed some manual optimization that toString() - takes care of. - - * runtime/JSObject.cpp: - (JSC::JSObject::toString): - * runtime/JSObject.h: Updated to return JSString*. - - * runtime/JSString.cpp: - * runtime/JSString.h: - (JSC::JSValue::toString): Removed, since I removed JSCell::toString(). - - * runtime/JSValue.cpp: - (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re- - spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString() - basically did what we want all the time. (Note that the toPrimitive() - preference changes from NoPreference to PreferString, because that's - how ToString is defined in the language. op_add does not want this behavior.) - - * runtime/NumberPrototype.cpp: - (JSC::numberProtoFuncToString): - (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString() - returns a JSString*. - - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorGetOwnPropertyDescriptor): - (JSC::objectConstructorDefineProperty): - * runtime/ObjectPrototype.cpp: - (JSC::objectProtoFuncHasOwnProperty): - (JSC::objectProtoFuncDefineGetter): - (JSC::objectProtoFuncDefineSetter): - (JSC::objectProtoFuncLookupGetter): - (JSC::objectProtoFuncLookupSetter): - (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above. - - * runtime/Operations.cpp: - (JSC::jsAddSlowCase): Need to check for object before taking the toString() - fast path becuase adding an object to a string requires calling toPrimitive() - on the object, not toString(). (They differ in their preferred conversion - type.) - - * runtime/Operations.h: - (JSC::jsString): - (JSC::jsStringFromArguments): This code gets simpler, now that toString() - does the right thing. - - (JSC::jsAdd): Now checks for object, just like jsAddSlowCase(). - - * runtime/RegExpConstructor.cpp: - (JSC::setRegExpConstructorInput): - (JSC::constructRegExp): - * runtime/RegExpObject.cpp: - (JSC::RegExpObject::match): - * runtime/RegExpPrototype.cpp: - (JSC::regExpProtoFuncCompile): - (JSC::regExpProtoFuncToString): More calls to value(), as above. - - * runtime/StringConstructor.cpp: - (JSC::constructWithStringConstructor): - (JSC::callStringConstructor): This code gets simpler, now that toString() - does the right thing. - - * runtime/StringPrototype.cpp: - (JSC::replaceUsingRegExpSearch): - (JSC::replaceUsingStringSearch): - (JSC::stringProtoFuncReplace): - (JSC::stringProtoFuncCharAt): - (JSC::stringProtoFuncCharCodeAt): - (JSC::stringProtoFuncConcat): - (JSC::stringProtoFuncIndexOf): - (JSC::stringProtoFuncLastIndexOf): - (JSC::stringProtoFuncMatch): - (JSC::stringProtoFuncSearch): - (JSC::stringProtoFuncSlice): - (JSC::stringProtoFuncSplit): - (JSC::stringProtoFuncSubstr): - (JSC::stringProtoFuncSubstring): - (JSC::stringProtoFuncToLowerCase): - (JSC::stringProtoFuncToUpperCase): - (JSC::stringProtoFuncLocaleCompare): - (JSC::stringProtoFuncBig): - (JSC::stringProtoFuncSmall): - (JSC::stringProtoFuncBlink): - (JSC::stringProtoFuncBold): - (JSC::stringProtoFuncFixed): - (JSC::stringProtoFuncItalics): - (JSC::stringProtoFuncStrike): - (JSC::stringProtoFuncSub): - (JSC::stringProtoFuncSup): - (JSC::stringProtoFuncFontcolor): - (JSC::stringProtoFuncFontsize): - (JSC::stringProtoFuncAnchor): - (JSC::stringProtoFuncLink): - (JSC::trimString): Some of this code gets simpler, now that toString() - does the right thing. More calls to value(), as above. - -2012-01-23 Luke Macpherson - - Unreviewed, rolling out r105676. - http://trac.webkit.org/changeset/105676 - https://bugs.webkit.org/show_bug.cgi?id=76665 - - Breaks build on max due to compile warnings. - - * runtime/JSObject.cpp: - (JSC::JSObject::finalize): - (JSC::JSObject::visitChildren): - (JSC::JSObject::allocatePropertyStorage): - * runtime/JSObject.h: - -2012-01-23 Mark Hahnenberg - - Use copying collector for out-of-line JSObject property storage - https://bugs.webkit.org/show_bug.cgi?id=76665 - - Reviewed by Geoffrey Garen. - - * runtime/JSObject.cpp: - (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line. - (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to - operator new. - * runtime/JSObject.h: - -2012-01-23 Brian Weinstein - - More build fixing after r105646. - - * JavaScriptCore.exp: - -2012-01-23 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=76855 - Implement a JIT-code aware sampling profiler for JSC - - Reviewed by Geoff Garen. - - Step 2: generalize RedBlackTree. The profiler is going to want tio use - a RedBlackTree, allow this class to work with subclasses of - RedBlackTree::Node, Node should not need to know the names of the m_key - and m_value fields (the subclass can provide a key() accessor), and - RedBlackTree does not need to know anything about ValueType. - - * JavaScriptCore.exp: - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocator::findAndRemoveFreeSpace): - (WTF::MetaAllocator::debugFreeSpaceSize): - (WTF::MetaAllocator::addFreeSpace): - * wtf/MetaAllocator.h: - (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode): - (WTF::MetaAllocator::FreeSpaceNode::key): - * wtf/MetaAllocatorHandle.h: - (WTF::MetaAllocatorHandle::key): - * wtf/RedBlackTree.h: - (WTF::RedBlackTree::Node::successor): - (WTF::RedBlackTree::Node::predecessor): - (WTF::RedBlackTree::Node::parent): - (WTF::RedBlackTree::Node::setParent): - (WTF::RedBlackTree::Node::left): - (WTF::RedBlackTree::Node::setLeft): - (WTF::RedBlackTree::Node::right): - (WTF::RedBlackTree::Node::setRight): - (WTF::RedBlackTree::insert): - (WTF::RedBlackTree::remove): - (WTF::RedBlackTree::findExact): - (WTF::RedBlackTree::findLeastGreaterThanOrEqual): - (WTF::RedBlackTree::findGreatestLessThanOrEqual): - (WTF::RedBlackTree::first): - (WTF::RedBlackTree::last): - (WTF::RedBlackTree::size): - (WTF::RedBlackTree::treeMinimum): - (WTF::RedBlackTree::treeMaximum): - (WTF::RedBlackTree::treeInsert): - (WTF::RedBlackTree::leftRotate): - (WTF::RedBlackTree::rightRotate): - (WTF::RedBlackTree::removeFixup): - -2012-01-23 Andy Estes - - Fix the build after r105635. - - * JavaScriptCore.exp: - -2012-01-23 Mark Hahnenberg - - Remove StackBounds from JSGlobalData - https://bugs.webkit.org/show_bug.cgi?id=76310 - - Reviewed by Sam Weinig. - - Removed StackBounds and the stack() function from JSGlobalData since it no - longer accessed any members of JSGlobalData. - - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::BytecodeGenerator): - * heap/MachineStackMarker.cpp: - (JSC::MachineThreads::addCurrentThread): - (JSC::MachineThreads::gatherFromCurrentThread): - * parser/Parser.cpp: - (JSC::::Parser): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - * runtime/JSGlobalData.h: - -2012-01-23 Gavin Barraclough - - Implement a JIT-code aware sampling profiler for JSC - https://bugs.webkit.org/show_bug.cgi?id=76855 - - Rubber stanmped by Geoff Garen. - - Mechanical change - pass CodeBlock through to the executable allocator, - such that we will be able to map ranges of JIT code back to their owner. - - * assembler/ARMAssembler.cpp: - (JSC::ARMAssembler::executableCopy): - * assembler/ARMAssembler.h: - * assembler/AssemblerBuffer.h: - (JSC::AssemblerBuffer::executableCopy): - * assembler/AssemblerBufferWithConstantPool.h: - (JSC::AssemblerBufferWithConstantPool::executableCopy): - * assembler/LinkBuffer.h: - (JSC::LinkBuffer::LinkBuffer): - (JSC::LinkBuffer::linkCode): - * assembler/MIPSAssembler.h: - (JSC::MIPSAssembler::executableCopy): - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::executableCopy): - * assembler/X86Assembler.h: - (JSC::X86Assembler::executableCopy): - (JSC::X86Assembler::X86InstructionFormatter::executableCopy): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compile): - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGRepatch.cpp: - (JSC::DFG::generateProtoChainAccessStub): - (JSC::DFG::tryCacheGetByID): - (JSC::DFG::tryBuildGetByIDList): - (JSC::DFG::tryCachePutByID): - * dfg/DFGThunks.cpp: - (JSC::DFG::osrExitGenerationThunkGenerator): - * jit/ExecutableAllocator.cpp: - (JSC::ExecutableAllocator::allocate): - * jit/ExecutableAllocator.h: - * jit/ExecutableAllocatorFixedVMPool.cpp: - (JSC::ExecutableAllocator::allocate): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JITOpcodes.cpp: - (JSC::JIT::privateCompileCTIMachineTrampolines): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::privateCompileCTIMachineTrampolines): - (JSC::JIT::privateCompileCTINativeCall): - * jit/JITPropertyAccess.cpp: - (JSC::JIT::stringGetByValStubGenerator): - (JSC::JIT::privateCompilePutByIdTransition): - (JSC::JIT::privateCompilePatchGetArrayLength): - (JSC::JIT::privateCompileGetByIdProto): - (JSC::JIT::privateCompileGetByIdSelfList): - (JSC::JIT::privateCompileGetByIdProtoList): - (JSC::JIT::privateCompileGetByIdChainList): - (JSC::JIT::privateCompileGetByIdChain): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::stringGetByValStubGenerator): - (JSC::JIT::privateCompilePutByIdTransition): - (JSC::JIT::privateCompilePatchGetArrayLength): - (JSC::JIT::privateCompileGetByIdProto): - (JSC::JIT::privateCompileGetByIdSelfList): - (JSC::JIT::privateCompileGetByIdProtoList): - (JSC::JIT::privateCompileGetByIdChainList): - (JSC::JIT::privateCompileGetByIdChain): - * jit/JITStubs.cpp: - * jit/SpecializedThunkJIT.h: - (JSC::SpecializedThunkJIT::finalize): - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::compile): - -2012-01-23 Xianzhu Wang - - Basic enhancements to StringBuilder - https://bugs.webkit.org/show_bug.cgi?id=67081 - - This change contains the following enhancements to StringBuilder, - for convenience, performance, testability, etc.: - - Change toStringPreserveCapacity() to const - - new public methods: capacity(), swap(), toAtomicString(), canShrink() - and append(const StringBuilder&) - - == and != opearators to compare StringBuilders and a StringBuilder/String - - Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp - - Reviewed by Darin Adler. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/text/AtomicString.cpp: - (WTF::SubstringTranslator::hash): - (WTF::SubstringTranslator::equal): - (WTF::SubstringTranslator::translate): - (WTF::AtomicString::add): - (WTF::AtomicString::addSlowCase): - * wtf/text/AtomicString.h: - (WTF::AtomicString::AtomicString): - (WTF::AtomicString::add): - * wtf/text/StringBuilder.cpp: - (WTF::StringBuilder::reifyString): - (WTF::StringBuilder::resize): - (WTF::StringBuilder::canShrink): - (WTF::StringBuilder::shrinkToFit): - * wtf/text/StringBuilder.h: - (WTF::StringBuilder::append): - (WTF::StringBuilder::toString): - (WTF::StringBuilder::toStringPreserveCapacity): - (WTF::StringBuilder::toAtomicString): - (WTF::StringBuilder::isEmpty): - (WTF::StringBuilder::capacity): - (WTF::StringBuilder::is8Bit): - (WTF::StringBuilder::swap): - (WTF::equal): - (WTF::operator==): - (WTF::operator!=): - * wtf/text/StringImpl.h: - -2012-01-23 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Add missing files, remove deleted files and - fix indentation. - -2012-01-22 Filip Pizlo - - Build fix for non-DFG platforms that error out on warn-unused-parameter. - - * bytecode/CallLinkStatus.cpp: - (JSC::CallLinkStatus::computeFor): - * bytecode/GetByIdStatus.cpp: - (JSC::GetByIdStatus::computeFor): - * bytecode/MethodCallLinkStatus.cpp: - (JSC::MethodCallLinkStatus::computeFor): - * bytecode/PutByIdStatus.cpp: - (JSC::PutByIdStatus::computeFor): - -2012-01-22 Filip Pizlo - - Build fix for non-DFG platforms. - - * bytecode/CallLinkStatus.cpp: - (JSC::CallLinkStatus::computeFor): - * bytecode/GetByIdStatus.cpp: - (JSC::GetByIdStatus::computeFor): - * bytecode/MethodCallLinkStatus.cpp: - (JSC::MethodCallLinkStatus::computeFor): - * bytecode/PutByIdStatus.cpp: - (JSC::PutByIdStatus::computeFor): - -2012-01-20 Filip Pizlo - - DFG should not have code that directly decodes the states of old JIT inline - cache data structures - https://bugs.webkit.org/show_bug.cgi?id=76768 - - Reviewed by Sam Weinig. - - Introduced new classes (like GetByIdStatus) that encapsulate the set of things - that the DFG would like to know about property accesses and calls. Whereas it - previously got this information by directly decoding the data structures used - by the old JIT for inline caching, it now uses these classes, which do the work - for it. This should make it somewhat more straight forward to introduce new - ways of profiling the same information. - - Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by - code in bytecode/. - - Making this work right involved carefully ensuring that the heuristics for - choosing how to handle property accesses was at least as good as what we had - before, since I completely restructured that code. Currently the performance - looks neutral. Since I rewrote the code I did change some things that I never - liked before, like previously if a put_bu_id had executed exactly once then - we'd compile it as if it had taken slow-path. Executing once is special because - then the inline cache is not baked in, so there is no information about how the - DFG should optimize the code. Now this is rationalized: if the put_by_id does - not offer enough information to be optimized (i.e. had executed 0 or 1 times) - then we turn it into a forced OSR exit (i.e. a patch point). However, get_by_id - still has the old behavior; I left it that way because I didn't want to make - too many changes at once. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CallLinkStatus.cpp: Added. - (JSC::CallLinkStatus::computeFor): - * bytecode/CallLinkStatus.h: Added. - (JSC::CallLinkStatus::CallLinkStatus): - (JSC::CallLinkStatus::isSet): - (JSC::CallLinkStatus::operator!): - (JSC::CallLinkStatus::couldTakeSlowPath): - (JSC::CallLinkStatus::callTarget): - * bytecode/GetByIdStatus.cpp: Added. - (JSC::GetByIdStatus::computeFor): - * bytecode/GetByIdStatus.h: Added. - (JSC::GetByIdStatus::GetByIdStatus): - (JSC::GetByIdStatus::state): - (JSC::GetByIdStatus::isSet): - (JSC::GetByIdStatus::operator!): - (JSC::GetByIdStatus::isSimpleDirect): - (JSC::GetByIdStatus::takesSlowPath): - (JSC::GetByIdStatus::makesCalls): - (JSC::GetByIdStatus::structureSet): - (JSC::GetByIdStatus::offset): - * bytecode/MethodCallLinkStatus.cpp: Added. - (JSC::MethodCallLinkStatus::computeFor): - * bytecode/MethodCallLinkStatus.h: Added. - (JSC::MethodCallLinkStatus::MethodCallLinkStatus): - (JSC::MethodCallLinkStatus::isSet): - (JSC::MethodCallLinkStatus::operator!): - (JSC::MethodCallLinkStatus::needsPrototypeCheck): - (JSC::MethodCallLinkStatus::structure): - (JSC::MethodCallLinkStatus::prototypeStructure): - (JSC::MethodCallLinkStatus::function): - (JSC::MethodCallLinkStatus::prototype): - * bytecode/PutByIdStatus.cpp: Added. - (JSC::PutByIdStatus::computeFor): - * bytecode/PutByIdStatus.h: Added. - (JSC::PutByIdStatus::PutByIdStatus): - (JSC::PutByIdStatus::state): - (JSC::PutByIdStatus::isSet): - (JSC::PutByIdStatus::operator!): - (JSC::PutByIdStatus::isSimpleReplace): - (JSC::PutByIdStatus::isSimpleTransition): - (JSC::PutByIdStatus::takesSlowPath): - (JSC::PutByIdStatus::oldStructure): - (JSC::PutByIdStatus::newStructure): - (JSC::PutByIdStatus::structureChain): - (JSC::PutByIdStatus::offset): - * bytecode/StructureSet.h: Added. - (JSC::StructureSet::StructureSet): - (JSC::StructureSet::clear): - (JSC::StructureSet::add): - (JSC::StructureSet::addAll): - (JSC::StructureSet::remove): - (JSC::StructureSet::contains): - (JSC::StructureSet::isSubsetOf): - (JSC::StructureSet::isSupersetOf): - (JSC::StructureSet::size): - (JSC::StructureSet::at): - (JSC::StructureSet::operator[]): - (JSC::StructureSet::last): - (JSC::StructureSet::predictionFromStructures): - (JSC::StructureSet::operator==): - (JSC::StructureSet::dump): - * dfg/DFGAbstractValue.h: - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGStructureSet.h: Removed. - -2012-01-20 Filip Pizlo - - JIT compilation should not require ExecState - https://bugs.webkit.org/show_bug.cgi?id=76729 - - - Reviewed by Gavin Barraclough. - - Changed the relevant JIT driver functions to take JSGlobalData& instead of - ExecState*, since really they just needed the global data. - - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - (JSC::DFG::tryCompile): - (JSC::DFG::tryCompileFunction): - * dfg/DFGDriver.h: - (JSC::DFG::tryCompile): - (JSC::DFG::tryCompileFunction): - * jit/JITDriver.h: - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - * runtime/Executable.cpp: - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - -2012-01-20 David Levin - - Make OwnPtr work for the Chromium Windows port. - https://bugs.webkit.org/show_bug.cgi?id=76738 - - Reviewed by Jian Li. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the - Chromium Windows build. - * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for - OwnPtr and similar constructs. - -2012-01-19 Geoffrey Garen - - Removed some regexp entry boilerplate code - https://bugs.webkit.org/show_bug.cgi?id=76687 - - Reviewed by Darin Adler. - - 1% - 2% speedup on regexp tests, no change overall. - - * runtime/RegExp.cpp: - (JSC::RegExp::match): - - ASSERT that our startIndex is non-negative, because anything less - would be uncivilized. - - - ASSERT that our input is not the null string for the same reason. - - - No need to test for startOffset being past the end of the string, - since the regular expression engine will do this test for us. - - - No need to initialize the output vector, since the regular expression - engine will fill it in for us. - - * yarr/YarrInterpreter.cpp: - (JSC::Yarr::Interpreter::interpret): - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::compile): - - RegExp used to do these jobs for us, but now we do them for ourselves - because it's a better separation of concerns, and the JIT can do them - more efficiently than C++ code: - - - Test for "past the end" before doing any matching -- otherwise - a* will match with zero length past the end of the string, which is wrong. - - - Initialize the output vector before doing any matching. - -2012-01-20 Filip Pizlo - - Build fix for no-DFG configuration. - Needed for . - - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitProfiledOpcode): - * jit/JIT.h: - (JSC::JIT::emitValueProfilingSite): - -2012-01-19 Filip Pizlo - - Bytecode instructions that may have value profiling should have a direct inline - link to the ValueProfile instance - https://bugs.webkit.org/show_bug.cgi?id=76682 - - - Reviewed by Sam Weinig. - - Each opcode that gets value profiled now has a link to its ValueProfile. This - required rationalizing the emission of value profiles for opcode combos, like - op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes - sense for one of them to have a value profile link, and it makes most sense - for it to be the one that actually sets the result. The previous behavior was - to have op_method_check profile for op_get_by_id when they were used together, - but otherwise for op_get_by_id to have its own profiles. op_call already did - the right thing; all profiling was done by op_call_put_result. - - But rationalizing this code required breaking some of the natural boundaries - that the code had; for instance the code in DFG that emits a GetById in place - of both op_method_check and op_get_by_id must now know that it's the latter of - those that has the value profile, while the first of those constitutes the OSR - target. Hence each CodeOrigin must now have two bytecode indices - one for - OSR exit and one for profiling. - - Finally this change required some refiddling of our optimization heuristics, - because now all code blocks have "more instructions" due to the value profile - slots. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::printGetByIdOp): - (JSC::CodeBlock::dump): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::valueProfileForBytecodeOffset): - * bytecode/CodeOrigin.h: - (JSC::CodeOrigin::CodeOrigin): - (JSC::CodeOrigin::bytecodeIndexForValueProfile): - * bytecode/Instruction.h: - (JSC::Instruction::Instruction): - * bytecode/Opcode.h: - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitProfiledOpcode): - (JSC::BytecodeGenerator::emitResolve): - (JSC::BytecodeGenerator::emitGetScopedVar): - (JSC::BytecodeGenerator::emitResolveBase): - (JSC::BytecodeGenerator::emitResolveBaseForPut): - (JSC::BytecodeGenerator::emitResolveWithBase): - (JSC::BytecodeGenerator::emitResolveWithThis): - (JSC::BytecodeGenerator::emitGetById): - (JSC::BytecodeGenerator::emitGetByVal): - (JSC::BytecodeGenerator::emitCall): - (JSC::BytecodeGenerator::emitCallVarargs): - (JSC::BytecodeGenerator::emitConstruct): - * bytecompiler/BytecodeGenerator.h: - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::ByteCodeParser): - (JSC::DFG::ByteCodeParser::currentCodeOrigin): - (JSC::DFG::ByteCodeParser::addCall): - (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): - (JSC::DFG::ByteCodeParser::getPrediction): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::parse): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::valueProfileFor): - * jit/JIT.h: - (JSC::JIT::emitValueProfilingSite): - * jit/JITCall.cpp: - (JSC::JIT::emit_op_call_put_result): - * jit/JITCall32_64.cpp: - (JSC::JIT::emit_op_call_put_result): - * jit/JITInlineMethods.h: - (JSC::JIT::emitValueProfilingSite): - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_resolve): - (JSC::JIT::emit_op_resolve_base): - (JSC::JIT::emit_op_resolve_skip): - (JSC::JIT::emit_op_resolve_global): - (JSC::JIT::emitSlow_op_resolve_global): - (JSC::JIT::emit_op_resolve_with_base): - (JSC::JIT::emit_op_resolve_with_this): - (JSC::JIT::emitSlow_op_resolve_global_dynamic): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_resolve): - (JSC::JIT::emit_op_resolve_base): - (JSC::JIT::emit_op_resolve_skip): - (JSC::JIT::emit_op_resolve_global): - (JSC::JIT::emitSlow_op_resolve_global): - (JSC::JIT::emit_op_resolve_with_base): - (JSC::JIT::emit_op_resolve_with_this): - * jit/JITPropertyAccess.cpp: - (JSC::JIT::emit_op_get_by_val): - (JSC::JIT::emitSlow_op_get_by_val): - (JSC::JIT::emit_op_method_check): - (JSC::JIT::emitSlow_op_method_check): - (JSC::JIT::emit_op_get_by_id): - (JSC::JIT::emitSlow_op_get_by_id): - (JSC::JIT::emit_op_get_scoped_var): - (JSC::JIT::emit_op_get_global_var): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::emit_op_method_check): - (JSC::JIT::emitSlow_op_method_check): - (JSC::JIT::emit_op_get_by_val): - (JSC::JIT::emitSlow_op_get_by_val): - (JSC::JIT::emit_op_get_by_id): - (JSC::JIT::emitSlow_op_get_by_id): - (JSC::JIT::emit_op_get_scoped_var): - (JSC::JIT::emit_op_get_global_var): - * jit/JITStubCall.h: - (JSC::JITStubCall::callWithValueProfiling): - * runtime/Options.cpp: - (JSC::Options::initializeOptions): - -2012-01-20 ChangSeok Oh - - undefined reference to symbol eina_module_free - https://bugs.webkit.org/show_bug.cgi?id=76681 - - Reviewed by Martin Robinson. - - eina_module_free has been used without including eina libraries after r104936. - - * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES. - -2012-01-19 Tony Chang - - [chromium] Remove an obsolete comment about features.gypi - https://bugs.webkit.org/show_bug.cgi?id=76643 - - There can be only one features.gypi. - - Reviewed by James Robinson. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - -2012-01-19 Geoffrey Garen - - Implicit creation of a regular expression should eagerly check for syntax errors - https://bugs.webkit.org/show_bug.cgi?id=76642 - - Reviewed by Oliver Hunt. - - This is a correctness fix and a slight optimization. - - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncMatch): - (JSC::stringProtoFuncSearch): Check for syntax errors because that's the - correct behavior. - - * runtime/RegExp.cpp: - (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line - of code change, many lines of indentation change.) - - Since we have no clients that try to match a RegExp that is a syntax error, - let's optimize out the check. - -2012-01-19 Mark Hahnenberg - - Implement a new allocator for backing stores - https://bugs.webkit.org/show_bug.cgi?id=75181 - - Reviewed by Filip Pizlo. - - We want to move away from using fastMalloc for the backing stores for - some of our objects (e.g. JSArray, JSObject, JSString, etc). These backing - stores have a nice property in that they only have a single owner (i.e. a - single pointer to them at any one time). One way that we can take advantage - of this property is to implement a simple bump allocator/copying collector, - which will run alongside our normal mark/sweep collector, that only needs to - update the single owner pointer rather than having to redirect an arbitrary - number of pointers in from-space to to-space. - - This plan can give us a number of benefits. We can beat fastMalloc in terms - of both performance and memory usage, we can track how much memory we're using - far more accurately than our rough estimation now through the use of - reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed - to being limited to size classes like we have been historically). This is also - another step toward moving away from lazy destruction, which will improve our memory footprint. - - We start by creating said allocator and moving the ArrayStorage for JSArray - to use it rather than fastMalloc. - - The design of the collector is as follows: - Allocation: - -The collector allocates 64KB chunks from the OS to use for object allocation. - -Each chunk contains an offset, a flag indicating if the block has been pinned, - and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists. - -Any allocation greater than 64KB gets its own separate oversize block, which - is managed separately from the rest. - -If the allocator receives a request for more than the remaining amount in the - current block, it grabs a fresh block. - -Grabbing a fresh block means grabbing one off of the global free list (which is now - shared between the mark/sweep allocator and the bump allocator) if there is one. - If there isn't a new one we do one of two things: allocate a new block from the OS - if we're not ready for a GC yet, or run a GC and then try again. If we still don't - have enough space after the GC, we allocate a new block from the OS. - - Garbage collection: - -At the start of garbage collection during conservative stack scanning, if we encounter - what appears to be a pointer to a bump-allocated block of memory, we pin that block so - that it will not be copied for this round of collection. - -We also pin any oversize blocks that we encounter, which effectively doubles as a - "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying - are given back to the OS. - -Marking threads are now also responsible for copying bump-allocated objects to newSpace - -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters. - -When that block fills up, the marking thread gives it back to the allocator and requests a new one. - -When all marking has concluded, each thread gives back its copy block, even if it isn't full. - -At the conclusion of copying (which is done by the end of the marking phase), we un-pin - any pinned blocks and give any blocks left in from-space to the global free list. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * heap/AllocationSpace.cpp: - (JSC::AllocationSpace::allocateSlowCase): - (JSC::AllocationSpace::allocateBlock): - (JSC::AllocationSpace::freeBlocks): - * heap/AllocationSpace.h: - (JSC::AllocationSpace::waterMark): - * heap/BumpBlock.h: Added. - (JSC::BumpBlock::BumpBlock): - * heap/BumpSpace.cpp: Added. - (JSC::BumpSpace::tryAllocateSlowCase): - * heap/BumpSpace.h: Added. - (JSC::BumpSpace::isInCopyPhase): - (JSC::BumpSpace::totalMemoryAllocated): - (JSC::BumpSpace::totalMemoryUtilized): - * heap/BumpSpaceInlineMethods.h: Added. - (JSC::BumpSpace::BumpSpace): - (JSC::BumpSpace::init): - (JSC::BumpSpace::contains): - (JSC::BumpSpace::pin): - (JSC::BumpSpace::startedCopying): - (JSC::BumpSpace::doneCopying): - (JSC::BumpSpace::doneFillingBlock): - (JSC::BumpSpace::recycleBlock): - (JSC::BumpSpace::getFreshBlock): - (JSC::BumpSpace::borrowBlock): - (JSC::BumpSpace::addNewBlock): - (JSC::BumpSpace::allocateNewBlock): - (JSC::BumpSpace::fitsInBlock): - (JSC::BumpSpace::fitsInCurrentBlock): - (JSC::BumpSpace::tryAllocate): - (JSC::BumpSpace::tryAllocateOversize): - (JSC::BumpSpace::allocateFromBlock): - (JSC::BumpSpace::tryReallocate): - (JSC::BumpSpace::tryReallocateOversize): - (JSC::BumpSpace::isOversize): - (JSC::BumpSpace::isPinned): - (JSC::BumpSpace::oversizeBlockFor): - (JSC::BumpSpace::blockFor): - * heap/ConservativeRoots.cpp: - (JSC::ConservativeRoots::ConservativeRoots): - (JSC::ConservativeRoots::genericAddPointer): - (JSC::ConservativeRoots::add): - * heap/ConservativeRoots.h: - * heap/Heap.cpp: - (JSC::Heap::Heap): - (JSC::Heap::blockFreeingThreadMain): - (JSC::Heap::reportExtraMemoryCostSlowCase): - (JSC::Heap::getConservativeRegisterRoots): - (JSC::Heap::markRoots): - (JSC::Heap::collect): - (JSC::Heap::releaseFreeBlocks): - * heap/Heap.h: - (JSC::Heap::waterMark): - (JSC::Heap::highWaterMark): - (JSC::Heap::setHighWaterMark): - (JSC::Heap::tryAllocateStorage): - (JSC::Heap::tryReallocateStorage): - * heap/HeapBlock.h: Added. - (JSC::HeapBlock::HeapBlock): - * heap/MarkStack.cpp: - (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): - (JSC::SlotVisitor::drain): - (JSC::SlotVisitor::drainFromShared): - (JSC::SlotVisitor::startCopying): - (JSC::SlotVisitor::allocateNewSpace): - (JSC::SlotVisitor::copy): - (JSC::SlotVisitor::copyAndAppend): - (JSC::SlotVisitor::doneCopying): - * heap/MarkStack.h: - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::recycle): - (JSC::MarkedBlock::MarkedBlock): - * heap/MarkedBlock.h: - * heap/MarkedSpace.cpp: - (JSC::MarkedSpace::MarkedSpace): - * heap/MarkedSpace.h: - (JSC::MarkedSpace::allocate): - (JSC::MarkedSpace::forEachBlock): - (JSC::MarkedSpace::SizeClass::resetAllocator): - * heap/SlotVisitor.h: - (JSC::SlotVisitor::SlotVisitor): - * heap/TinyBloomFilter.h: - (JSC::TinyBloomFilter::reset): - * runtime/JSArray.cpp: - (JSC::JSArray::JSArray): - (JSC::JSArray::finishCreation): - (JSC::JSArray::tryFinishCreationUninitialized): - (JSC::JSArray::~JSArray): - (JSC::JSArray::enterSparseMode): - (JSC::JSArray::defineOwnNumericProperty): - (JSC::JSArray::setLengthWritable): - (JSC::JSArray::getOwnPropertySlotByIndex): - (JSC::JSArray::getOwnPropertyDescriptor): - (JSC::JSArray::putByIndexBeyondVectorLength): - (JSC::JSArray::deletePropertyByIndex): - (JSC::JSArray::getOwnPropertyNames): - (JSC::JSArray::increaseVectorLength): - (JSC::JSArray::unshiftCountSlowCase): - (JSC::JSArray::setLength): - (JSC::JSArray::pop): - (JSC::JSArray::unshiftCount): - (JSC::JSArray::visitChildren): - (JSC::JSArray::sortNumeric): - (JSC::JSArray::sort): - (JSC::JSArray::compactForSorting): - (JSC::JSArray::subclassData): - (JSC::JSArray::setSubclassData): - (JSC::JSArray::checkConsistency): - * runtime/JSArray.h: - (JSC::JSArray::inSparseMode): - (JSC::JSArray::isLengthWritable): - * wtf/CheckedBoolean.h: Added. - (CheckedBoolean::CheckedBoolean): - (CheckedBoolean::~CheckedBoolean): - (CheckedBoolean::operator bool): - * wtf/DoublyLinkedList.h: - (WTF::::push): - * wtf/StdLibExtras.h: - (WTF::isPointerAligned): - -2012-01-19 Joi Sigurdsson - - Enable use of precompiled headers in Chromium port on Windows. - - Bug 76381 - Use precompiled headers in Chromium port on Windows - https://bugs.webkit.org/show_bug.cgi?id=76381 - - Reviewed by Tony Chang. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi. - -2012-01-18 Roland Takacs - - Cross-platform processor core counter fix - https://bugs.webkit.org/show_bug.cgi?id=76540 - - Reviewed by Zoltan Herczeg. - - I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)" - and I removed the OS checking macros from ParallelJobsGeneric.cpp because - the NumberOfCores.cpp contains them for counting CPU cores. - The processor core counter patch located at - https://bugs.webkit.org/show_bug.cgi?id=76530 - - * wtf/NumberOfCores.cpp: - * wtf/ParallelJobsGeneric.cpp: - -2012-01-18 Csaba Osztrogonác - - Cross-platform processor core counter - https://bugs.webkit.org/show_bug.cgi?id=76530 - - Unreviewed cross-MinGW buildfix after r105270. - - * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h. - -2012-01-18 Roland Takacs - - Cross-platform processor core counter - https://bugs.webkit.org/show_bug.cgi?id=76530 - - Reviewed by Zoltan Herczeg. - - Two files have been created that include the processor core counter function. - It used to be in ParallelJobsGeneric.h/cpp before. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * runtime/Options.cpp: - (JSC::Options::initializeOptions): - * wtf/CMakeLists.txt: - * wtf/NumberOfCores.cpp: Added. - (WTF::numberOfProcessorCores): - * wtf/NumberOfCores.h: Added. - * wtf/ParallelJobsGeneric.cpp: - (WTF::ParallelEnvironment::ParallelEnvironment): - * wtf/ParallelJobsGeneric.h: - -2012-01-18 Balazs Kelemen - - [Qt] Consolidate layout test crash logging - https://bugs.webkit.org/show_bug.cgi?id=75088 - - Reviewed by Simon Hausmann. - - Move backtrace generating logic into WTFReportBacktrace - and add a way to deinstall signal handlers if we know - that we have already printed the backtrace. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/Assertions.cpp: - (WTFLogLocker::WTFReportBacktrace): - (WTFLogLocker::WTFSetCrashHook): - (WTFLogLocker::WTFInvokeCrashHook): - * wtf/Assertions.h: - -2012-01-17 Geoffrey Garen - - Factored out some code into a helper function. - - I think this might help getting rid of omit-frame-pointer. - - Reviewed by Sam Weinig. - - No benchmark change. - - * runtime/StringPrototype.cpp: - (JSC::removeUsingRegExpSearch): Moved to here... - (JSC::replaceUsingRegExpSearch): ...from here. - -2012-01-17 Caio Marcelo de Oliveira Filho - - Uint8ClampedArray support - https://bugs.webkit.org/show_bug.cgi?id=74455 - - Reviewed by Filip Pizlo. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * bytecode/PredictedType.cpp: - (JSC::predictionToString): - (JSC::predictionFromClassInfo): - * bytecode/PredictedType.h: - (JSC::isUint8ClampedArrayPrediction): - (JSC::isActionableMutableArrayPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateUint8ClampedArray): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::clampDoubleToByte): - (JSC::DFG::compileClampIntegerToByte): - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/JSCell.h: - * runtime/JSGlobalData.h: - * wtf/Forward.h: - * wtf/Uint8Array.h: - * wtf/Uint8ClampedArray.h: Added. - (WTF::Uint8ClampedArray::set): - (WTF::Uint8ClampedArray::create): - (WTF::Uint8ClampedArray::Uint8ClampedArray): - (WTF::Uint8ClampedArray::subarray): - -2012-01-17 Sam Weinig - - Add helper macro for forward declaring objective-c classes - https://bugs.webkit.org/show_bug.cgi?id=76485 - - Reviewed by Anders Carlsson. - - * wtf/Compiler.h: - Add OBJC_CLASS macro which helps reduce code when forward declaring an - objective-c class in a header which can be included from both Objective-C - and non-Objective-C files. - -2012-01-17 Filip Pizlo - - DFG should be able to do JS and custom getter caching - https://bugs.webkit.org/show_bug.cgi?id=76361 - - Reviewed by Csaba Osztrogonác. - - Fix for 32-bit. - - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryBuildGetByIDList): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-01-15 Filip Pizlo - - DFG should be able to do JS and custom getter caching - https://bugs.webkit.org/show_bug.cgi?id=76361 - - - Reviewed by Geoff Garen. - - Added the ability to cache JS getter calls and custom getter calls in the DFG. - Most of this is pretty mundane, since the old JIT supported this functionality - as well. But a couple interesting things had to happen: - - - There are now two variants of GetById: GetById, which works as before, and - GetByIdFlush, which flushes registers prior to doing the GetById. Only - GetByIdFlush can be used for caching getters. We detect which GetById style - to use by looking at the inline caches of the old JIT. - - - Exception handling for getter calls planted in stubs uses a separate lookup - handler routine, which uses the CodeOrigin stored in the StructureStubInfo. - - This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of - the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and - Kraken. - - * bytecode/StructureStubInfo.h: - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::emitExceptionCheck): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::willNeedFlush): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGCCallHelpers.h: - (JSC::DFG::CCallHelpers::setupResults): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * dfg/DFGJITCompiler.h: - (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord): - (JSC::DFG::JITCompiler::addExceptionCheck): - * dfg/DFGNode.h: - (JSC::DFG::Node::hasIdentifier): - (JSC::DFG::Node::hasHeapPrediction): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryCacheGetByID): - (JSC::DFG::tryBuildGetByIDList): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::cachedGetById): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::cachedGetById): - (JSC::DFG::SpeculativeJIT::compile): - -2012-01-16 Jon Lee - - Build fix for r105086. - - * Configurations/FeatureDefines.xcconfig: - * wtf/Platform.h: - -2012-01-16 Jon Lee - - Remove HTML notifications support on Mac - https://bugs.webkit.org/show_bug.cgi?id=76401 - - - Reviewed by Sam Weinig. - - * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro. - -2012-01-16 Zeno Albisser - - [Qt] Fix QT_VERSION related warnings when building on Mac OS X - https://bugs.webkit.org/show_bug.cgi?id=76340 - - This bug was caused by r104826. - As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239 - we should not use "using namespace WebCore" in header files, - because it might cause ambiguous references. - This patch reverts the changes from r104826 and r104981 - and removes the "using namespace WebCore" statement from - two header files. - - Reviewed by Tor Arne Vestbø. - - * wtf/Platform.h: - -2012-01-16 Carlos Garcia Campos - - Unreviewed. Fix make distcheck. - - * GNUmakefile.list.am: Fix typo. - -2012-01-16 Pavel Heimlich - - Solaris Studio supports alignment macros too - https://bugs.webkit.org/show_bug.cgi?id=75453 - - Reviewed by Hajime Morita. - - * wtf/Alignment.h: - -2012-01-16 Yuqiang Xian - - Build fix on 32bit if verbose debug is enabled in DFG - https://bugs.webkit.org/show_bug.cgi?id=76351 - - Reviewed by Hajime Morita. - - Mostly change "%lu" to "%zu" to print a "size_t" variable. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::endBasicBlock): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::parseCodeBlock): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::predictArgumentTypes): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::link): - * dfg/DFGOSREntry.cpp: - (JSC::DFG::prepareOSREntry): - -2012-01-15 Filip Pizlo - - The C calling convention logic in DFG::SpeculativeJIT should be available even - when not generating code for the DFG speculative path - https://bugs.webkit.org/show_bug.cgi?id=76355 - - Reviewed by Dan Bernstein. - - Moved all of the logic for placing C call arguments into the right place (stack - or registers) into a new class, DFG::CCallHelpers. This class inherits from - AssemblyHelpers, another DFG grab-bag of helper functions. I could have moved - this code into AssemblyHelpers, but decided against it, because I wanted to - limit the number of methods each class in the JIT has. Hence now we have a - slightly odd organization of JIT classes in DFG: MacroAssembler (basic instruction - emission) <= AssemblyHelpers (some additional JS smarts) <= CCallHelpers - (understands calls to C functions) <= JITCompiler (can compile a graph to machine - code). Each of these except for JITCompiler can be reused for stub compilation. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * dfg/DFGCCallHelpers.h: Added. - (JSC::DFG::CCallHelpers::CCallHelpers): - (JSC::DFG::CCallHelpers::resetCallArguments): - (JSC::DFG::CCallHelpers::addCallArgument): - (JSC::DFG::CCallHelpers::setupArguments): - (JSC::DFG::CCallHelpers::setupArgumentsExecState): - (JSC::DFG::CCallHelpers::setupArgumentsWithExecState): - (JSC::DFG::CCallHelpers::setupTwoStubArgs): - (JSC::DFG::CCallHelpers::setupStubArguments): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::JITCompiler): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callOperation): - -2012-01-15 Pablo Flouret - - Fix compilation errors on build-webkit --debug --no-video on mac. - https://bugs.webkit.org/show_bug.cgi?id=75867 - - Reviewed by Philippe Normand. - - Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, video track feature - doesn't build without video. - - * wtf/Platform.h: - -2012-01-14 David Levin - - HWndDC should be in platform/win instead of wtf. - https://bugs.webkit.org/show_bug.cgi?id=76314 - - Reviewed by Sam Weinig. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - * JavaScriptCore.gypi: - -2012-01-13 David Levin - - check-webkit-style: should encourage the use of Own* classes for Windows DC. - https://bugs.webkit.org/show_bug.cgi?id=76227 - - Reviewed by Dirk Pranke. - - * wtf/win/HWndDCWin.h: - (WTF::HwndDC::HwndDC): Add a way to do GetDCEx. - There are no users, but I want to catch this in check-webkit-style - and tell any users to use HwndDC to avoid leaks. - -2012-01-13 David Levin - - Header file is missing header guard. - - Reviewed by Dirk Pranke. - - * wtf/win/HWndDCWin.h: Added the guards. - -2012-01-13 Andy Wingo - - Eval in strict mode does not need dynamic checks - https://bugs.webkit.org/show_bug.cgi?id=76286 - - Reviewed by Oliver Hunt. - - * runtime/JSActivation.cpp (JSC::JSActivation::JSActivation): - Eval in strict mode cannot introduce variables, so it not impose - the need for dynamic checks. - -2012-01-13 David Levin - - HWndDC is a better name than HwndDC. - https://bugs.webkit.org/show_bug.cgi?id=76281 - - Reviewed by Darin Adler. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - * JavaScriptCore.gypi: - * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h. - (WTF::HWndDC::HWndDC): - (WTF::HWndDC::~HWndDC): - (WTF::HWndDC::operator HDC): - -2012-01-13 YoungTaeck Song - - [EFL] Add OwnPtr specialization for Eina_Module. - https://bugs.webkit.org/show_bug.cgi?id=76255 - - Reviewed by Andreas Kling. - - Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port. - - * wtf/OwnPtrCommon.h: - * wtf/efl/OwnPtrEfl.cpp: - (WTF::deleteOwnedPtr): - -2012-01-13 Yuqiang Xian - - Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined - - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - -2012-01-12 Hajime Morrita - - JavaScriptCore: Mark all exported symbols in the header file automatically. - https://bugs.webkit.org/show_bug.cgi?id=72855 - - Reviewed by Darin Adler. - - Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files. - The change is generated by a tool calledListExportables (https://github.com/omo/ListExportables) - - * API/OpaqueJSString.h: - * bytecode/CodeBlock.h: - * bytecode/SamplingTool.h: - * debugger/Debugger.h: - * debugger/DebuggerActivation.h: - * debugger/DebuggerCallFrame.h: - * heap/AllocationSpace.h: - * heap/HandleHeap.h: - * heap/Heap.h: - * heap/MachineStackMarker.h: - * heap/MarkStack.h: - * heap/VTableSpectrum.h: - * heap/WriteBarrierSupport.h: - * parser/Nodes.h: - * parser/ParserArena.h: - * profiler/Profile.h: - * runtime/ArgList.h: - * runtime/CallData.h: - * runtime/Completion.h: - * runtime/ConstructData.h: - * runtime/DateInstance.h: - * runtime/Error.h: - * runtime/ExceptionHelpers.h: - * runtime/FunctionConstructor.h: - * runtime/Identifier.h: - * runtime/InitializeThreading.h: - * runtime/InternalFunction.h: - * runtime/JSArray.h: - * runtime/JSByteArray.h: - * runtime/JSCell.h: - * runtime/JSFunction.h: - * runtime/JSGlobalData.cpp: - * runtime/JSGlobalData.h: - * runtime/JSGlobalObject.h: - * runtime/JSGlobalThis.h: - * runtime/JSLock.h: - * runtime/JSObject.h: - * runtime/JSString.h: - * runtime/JSValue.h: - * runtime/JSVariableObject.h: - * runtime/Lookup.h: - * runtime/MemoryStatistics.h: - * runtime/ObjectPrototype.h: - * runtime/Options.h: - * runtime/PropertyDescriptor.h: - * runtime/PropertyNameArray.h: - * runtime/PropertySlot.h: - * runtime/RegExp.h: - * runtime/RegExpObject.h: - * runtime/SamplingCounter.h: - * runtime/SmallStrings.h: - * runtime/StringObject.h: - * runtime/Structure.h: - * runtime/TimeoutChecker.h: - * runtime/UString.h: - * runtime/WriteBarrier.h: - * wtf/ArrayBufferView.h: - * wtf/ByteArray.h: - * wtf/CryptographicallyRandomNumber.h: - * wtf/CurrentTime.h: - * wtf/DateMath.h: - * wtf/DecimalNumber.h: - * wtf/FastMalloc.cpp: - * wtf/FastMalloc.h: - * wtf/MD5.h: - * wtf/MainThread.h: - * wtf/MetaAllocator.h: - * wtf/MetaAllocatorHandle.h: - * wtf/OSAllocator.h: - * wtf/PageBlock.h: - * wtf/RandomNumber.h: - * wtf/RefCountedLeakCounter.h: - * wtf/SHA1.h: - * wtf/Threading.cpp: - * wtf/Threading.h: - * wtf/ThreadingPrimitives.h: - * wtf/WTFThreadData.h: - * wtf/dtoa.h: - * wtf/text/AtomicString.h: - * wtf/text/CString.h: - * wtf/text/StringBuilder.h: - * wtf/text/StringImpl.h: - * wtf/text/WTFString.h: - * wtf/unicode/Collator.h: - * wtf/unicode/UTF8.h: - * yarr/Yarr.h: - * yarr/YarrPattern.h: - -2012-01-12 MORITA Hajime - - [Chromium] JSExportMacros.h should be visible. - https://bugs.webkit.org/show_bug.cgi?id=76147 - - Reviewed by Tony Chang. - - * config.h: - -2012-01-12 David Levin - - HwndDC is a better name than OwnGetDC. - https://bugs.webkit.org/show_bug.cgi?id=76235 - - Reviewed by Dmitry Titov. - - This is a better name for two reasons: - 1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC). - 2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr) - classes always take something to hold on to. In this case, the object (the DC) - is created by the class once it is given a Window to ensure that the HDC - was actually created using GetDC. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: - * JavaScriptCore.gypi: - * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h. - (WTF::HwndDC::HwndDC): - (WTF::HwndDC::~HwndDC): - (WTF::HwndDC::operator HDC): - -2012-01-12 Gavin Barraclough - - Clean up putDirect (part 2) - https://bugs.webkit.org/show_bug.cgi?id=76232 - - Reviewed by Sam Weinig. - - Rename putWithAttributes to putDirectVirtual, to identify that this - has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal - to be templated on an enum indicating which behaviour it is supposed to be - implementing, and change clients that are defining properties to call - putDirectInternal correctly. - - * API/JSObjectRef.cpp: - (JSObjectSetProperty): - * JavaScriptCore.exp: - * debugger/DebuggerActivation.cpp: - (JSC::DebuggerActivation::putDirectVirtual): - * debugger/DebuggerActivation.h: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::execute): - * runtime/ClassInfo.h: - * runtime/Error.cpp: - (JSC::addErrorInfo): - * runtime/JSActivation.cpp: - (JSC::JSActivation::putDirectVirtual): - * runtime/JSActivation.h: - * runtime/JSCell.cpp: - (JSC::JSCell::putDirectVirtual): - * runtime/JSCell.h: - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::putDirectVirtual): - * runtime/JSGlobalObject.h: - * runtime/JSObject.cpp: - (JSC::JSObject::put): - (JSC::JSObject::putDirectVirtual): - (JSC::JSObject::defineGetter): - (JSC::JSObject::initializeGetterSetterProperty): - (JSC::JSObject::defineSetter): - (JSC::putDescriptor): - * runtime/JSObject.h: - (JSC::JSObject::putDirectInternal): - (JSC::JSObject::putOwnDataProperty): - (JSC::JSObject::putDirect): - * runtime/JSStaticScopeObject.cpp: - (JSC::JSStaticScopeObject::putDirectVirtual): - * runtime/JSStaticScopeObject.h: - * runtime/JSVariableObject.cpp: - (JSC::JSVariableObject::putDirectVirtual): - * runtime/JSVariableObject.h: - -2012-01-12 Gavin Barraclough - - Clean up putDirect (part 1) - https://bugs.webkit.org/show_bug.cgi?id=76232 - - Reviewed by Sam Weinig. - - putDirect has ambiguous semantics, clean these up a bit. - - putDirect generally behaves a bit like a fast defineOwnProperty, but one that - always creates the property, with no checking to validate the put it permitted. - - It also encompasses two slightly different behaviors. - (1) a fast form of put for JSActivation, which doesn't have to handle searching - the prototype chain, getter/setter properties, or the magic __proto__ value. - Break this out as a new method, 'putOwnDataProperty'. - (2) the version of putDirect on JSValue will also check for overwriting ReadOnly - values, in strict mode. This is, however, not so smart on a few level, since - it is only called from op_put_by_id with direct set, which is only used with - an object as the base, and is only used to put new properties onto objects. - - * dfg/DFGOperations.cpp: - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * runtime/JSActivation.cpp: - (JSC::JSActivation::put): - * runtime/JSFunction.cpp: - (JSC::JSFunction::getOwnPropertySlot): - * runtime/JSObject.h: - (JSC::JSObject::putOwnDataProperty): - * runtime/JSValue.h: - -2012-01-12 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=76141 - defineSetter/defineGetter may fail to update Accessor attribute - - Reviewed by Oliver Hunt. - - * runtime/JSObject.cpp: - (JSC::JSObject::defineGetter): - (JSC::JSObject::initializeGetterSetterProperty): - (JSC::JSObject::defineSetter): - * runtime/Structure.cpp: - (JSC::Structure::attributeChangeTransition): - * runtime/Structure.h: - -2012-01-12 David Levin - - [chromium] Fix DC leak in WebScreenInfoFactory. - https://bugs.webkit.org/show_bug.cgi?id=76203 - - Reviewed by Dmitry Titov. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h - * JavaScriptCore.gypi: Added OwnGetDCWin.h - * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC as opposed to DeleteDC. - -2012-01-11 Gavin Barraclough - - Allow accessor get/set property to be set to undefined - https://bugs.webkit.org/show_bug.cgi?id=76148 - - Reviewed by Oliver Hunt. - - AccessorDescriptor properties may have their get & set properties defined to reference a function - (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor - (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of - three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object). - - On the PropertyDescriptor object these three states are represneted by JSValue(), jsUndefined(), and - any JSObject* (with a constraint that this must be callable). - - Logically the get/set property of an accessor descriptor on an object might be in any of the three - states above, but in practice there is no way to distinguish between the first two states. As such - we stor the get/set values in property storage in a JSObject* field, with 0 indicating absent or - undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value. - - * runtime/GetterSetter.h: - (JSC::GetterSetter::setGetter): - (JSC::GetterSetter::setSetter): - - Allow the getter/setter to be cleared. - * runtime/JSArray.cpp: - (JSC::JSArray::putDescriptor): - - Changed to call getterObject/setterObject. - (JSC::JSArray::defineOwnNumericProperty): - - Added ASSERT. - * runtime/JSObject.cpp: - (JSC::putDescriptor): - (JSC::JSObject::defineOwnProperty): - - Changed to call getterObject/setterObject. - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorGetOwnPropertyDescriptor): - - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'. - (JSC::toPropertyDescriptor): - - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined. - * runtime/PropertyDescriptor.cpp: - (JSC::PropertyDescriptor::getterObject): - (JSC::PropertyDescriptor::setterObject): - - Accessors to convert the get/set property to an object pointer, converting undefined to 0. - (JSC::PropertyDescriptor::setDescriptor): - (JSC::PropertyDescriptor::setAccessorDescriptor): - - Translate a getter/setter internally represented at 0 to undefined, indicating that it is present. - * runtime/PropertyDescriptor.h: - - Declare getterObject/setterObject. - -2012-01-12 Zeno Albisser - - [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560. - https://bugs.webkit.org/show_bug.cgi?id=76175 - - Defining ENABLE_CSS_FILTERS leads to ambiguous references - due to MacTypes.h being included. - Defining CF_OPEN_SOURCE works around this problem. - - Reviewed by Simon Hausmann. - - * wtf/Platform.h: - -2012-01-12 Simon Hausmann - - Make the new WTF module build on Qt - https://bugs.webkit.org/show_bug.cgi?id=76163 - - Reviewed by Tor Arne Vestbø. - - * JavaScriptCore.pro: Removed wtf from the subdirs to build. - -2012-01-11 Filip Pizlo - - CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter - https://bugs.webkit.org/show_bug.cgi?id=76144 - - - Rubber stamped by Gavin Barraclough. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::addressOfJITExecuteCounter): - (JSC::CodeBlock::offsetOfJITExecuteCounter): - (JSC::CodeBlock::jitExecuteCounter): - (JSC::CodeBlock::optimizeNextInvocation): - (JSC::CodeBlock::dontOptimizeAnytimeSoon): - (JSC::CodeBlock::optimizeAfterWarmUp): - (JSC::CodeBlock::optimizeAfterLongWarmUp): - (JSC::CodeBlock::optimizeSoon): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * jit/JIT.cpp: - (JSC::JIT::emitOptimizationCheck): - -2012-01-11 Gavin Barraclough - - Merge 'Getter'/'Setter' attributes into 'Accessor' - https://bugs.webkit.org/show_bug.cgi?id=76141 - - Reviewed by Filip Pizlo. - - These are currently ambiguous (and used inconsistently). It would logically appear - that either being bit set implies that the corresponding type of accessor is present - but (a) we don't correctly enforce this, and (b) this means the attributes would not - be able to distinguish between a data descriptor and an accessor descriptor with - neither a getter nor setter defined (which is a descriptor permissible under the spec). - This ambiguity would lead to unsafe property caching behavior (though this does not - represent an actual current bug, since we are currently unable to create descriptors - that have neither a getter nor setter, it just prevents us from doing so). - - * runtime/Arguments.cpp: - (JSC::Arguments::createStrictModeCallerIfNecessary): - (JSC::Arguments::createStrictModeCalleeIfNecessary): - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::put): - (JSC::JSArray::putDescriptor): - * runtime/JSBoundFunction.cpp: - (JSC::JSBoundFunction::finishCreation): - * runtime/JSFunction.cpp: - (JSC::JSFunction::getOwnPropertySlot): - (JSC::JSFunction::getOwnPropertyDescriptor): - * runtime/JSObject.cpp: - (JSC::JSObject::defineGetter): - (JSC::JSObject::initializeGetterSetterProperty): - (JSC::JSObject::defineSetter): - (JSC::putDescriptor): - (JSC::JSObject::defineOwnProperty): - * runtime/JSObject.h: - * runtime/ObjectConstructor.cpp: - (JSC::objectConstructorDefineProperty): - * runtime/PropertyDescriptor.cpp: - (JSC::PropertyDescriptor::setDescriptor): - (JSC::PropertyDescriptor::setAccessorDescriptor): - (JSC::PropertyDescriptor::setSetter): - (JSC::PropertyDescriptor::setGetter): - (JSC::PropertyDescriptor::attributesOverridingCurrent): - -2012-01-11 Gavin Barraclough - - Object.defineProperty([], 'length', {}) should not make length read-only - https://bugs.webkit.org/show_bug.cgi?id=76097 - - Reviewed by Oliver Hunt. - - * runtime/JSArray.cpp: - (JSC::JSArray::defineOwnProperty): - - We should be checking writablePresent(). - -2012-01-11 Filip Pizlo - - Code duplication for invoking the JIT and DFG should be reduced - https://bugs.webkit.org/show_bug.cgi?id=76117 - - - Rubber stamped by Geoff Garen. - - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * jit/JITDriver.h: Added. - (JSC::jitCompileIfAppropriate): - (JSC::jitCompileFunctionIfAppropriate): - * runtime/Executable.cpp: - (JSC::EvalExecutable::compileInternal): - (JSC::ProgramExecutable::compileInternal): - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - -2012-01-11 Geoffrey Garen - - Bytecode dumping is broken for call opcodes (due to two new operands) - https://bugs.webkit.org/show_bug.cgi?id=75886 - - Reviewed by Oliver Hunt. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have - to fix this more than once. The helper function skips the extra two operands - at the end of the opcode, used for optimization. - - (JSC::CodeBlock::dump): Used the helper function. - - * bytecode/CodeBlock.h: Declared the helper function. - -2012-01-09 Geoffrey Garen - - REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken) - https://bugs.webkit.org/show_bug.cgi?id=75911 - - * bytecompiler/BytecodeGenerator.h: - (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to - explicitly cast to our return type in C++. - - * bytecompiler/NodesCodegen.cpp: - (JSC::FunctionCallResolveNode::emitBytecode): - (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function - into a temporary register before evaluating our arguments, since argument - evaluation might include function calls or assignments that overwrite our callee by name. - -2012-01-11 Michael Saboff - - v8-regexp spends 35% of its time allocating and copying internal regexp results data - https://bugs.webkit.org/show_bug.cgi?id=76079 - - Reviewed by Geoffrey Garen. - - Added a new RegExpResults struct that has the input string, the number of - subexpressions and the output vector. Changed RegExpConstructor to - include a RegExpConstructorPrivate instead of having a reference to one. - Changed RegExpMatchesArray to include a RegExpResults instead of a - reference to a RegExpConstructorPrivate. Created an overloaded assignment - operator to assign a RegExpConstructorPrivate to a RegExpResults. - Collectively this change is worth 24% performance improvement to v8-regexp. - - * runtime/RegExpConstructor.cpp: - (JSC::RegExpResult::operator=): - (JSC::RegExpConstructor::RegExpConstructor): - (JSC::RegExpMatchesArray::RegExpMatchesArray): - (JSC::RegExpMatchesArray::finishCreation): - (JSC::RegExpMatchesArray::~RegExpMatchesArray): - (JSC::RegExpMatchesArray::fillArrayInstance): - (JSC::RegExpConstructor::arrayOfMatches): - (JSC::RegExpConstructor::getBackref): - (JSC::RegExpConstructor::getLastParen): - (JSC::RegExpConstructor::getLeftContext): - (JSC::RegExpConstructor::getRightContext): - (JSC::RegExpConstructor::setInput): - (JSC::RegExpConstructor::input): - (JSC::RegExpConstructor::setMultiline): - (JSC::RegExpConstructor::multiline): - * runtime/RegExpConstructor.h: - (JSC::RegExpResult::RegExpResult): - (JSC::RegExpConstructor::performMatch): - * runtime/RegExpMatchesArray.h: - (JSC::RegExpMatchesArray::create): - (JSC::RegExpMatchesArray::getOwnPropertySlot): - (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex): - (JSC::RegExpMatchesArray::getOwnPropertyDescriptor): - (JSC::RegExpMatchesArray::put): - (JSC::RegExpMatchesArray::putByIndex): - (JSC::RegExpMatchesArray::deleteProperty): - (JSC::RegExpMatchesArray::deletePropertyByIndex): - (JSC::RegExpMatchesArray::getOwnPropertyNames): - -2012-01-11 Eugene Girard - - Typo in error message: Unexpected token 'defualt' - https://bugs.webkit.org/show_bug.cgi?id=75105 - - Reviewed by Simon Fraser. - - * parser/Parser.h: - (JSC::Parser::getTokenName): - -2012-01-11 Anders Carlsson - - Assertion failure in JSC::allocateCell trying to allocate a JSString - https://bugs.webkit.org/show_bug.cgi?id=76101 - - Reviewed by Adam Roben. - - Remove the ExecutableBase::s_info and JSString::s_info static member variables from the .def file and - export them explicitly using the JS_EXPORTDATA macro. - - member variables explicitly using - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * runtime/Executable.h: - * runtime/JSString.h: - -2012-01-10 Mark Rowe - - jsc should install directly in to versioned Resources subfolder - - This ensures that jsc ends up in a consistent location whether built in to the same DSTROOT - as JavaScriptCore.framework or in to a different one. - - Rubber-stamped by Dan Bernstein. - - * Configurations/JSC.xcconfig: Update INSTALL_PATH. - -2012-01-10 Filip Pizlo - - DFG inlining block linking compares BlockIndex against bytecode index - https://bugs.webkit.org/show_bug.cgi?id=76018 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseCodeBlock): - -2012-01-10 Filip Pizlo - - CodeBlock.h declares too many things - https://bugs.webkit.org/show_bug.cgi?id=76001 - - Rubber stamped by Gavin Barraclough. - - Removed all non-CodeBlock type declarations from CodeBlock.h, and put them - into separate header files. Also removed all non-CodeBlock method implementations - from CodeBlock.cpp and put them into corresponding cpp files. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * assembler/RepatchBuffer.h: - * bytecode/CallLinkInfo.cpp: Added. - (JSC::CallLinkInfo::unlink): - * bytecode/CallLinkInfo.h: Added. - (JSC::CallLinkInfo::callTypeFor): - (JSC::CallLinkInfo::CallLinkInfo): - (JSC::CallLinkInfo::~CallLinkInfo): - (JSC::CallLinkInfo::isLinked): - (JSC::CallLinkInfo::seenOnce): - (JSC::CallLinkInfo::setSeen): - (JSC::getCallLinkInfoReturnLocation): - (JSC::getCallLinkInfoBytecodeIndex): - * bytecode/CallReturnOffsetToBytecodeOffset.h: Added. - (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset): - (JSC::getCallReturnOffset): - * bytecode/CodeBlock.cpp: - * bytecode/CodeBlock.h: - * bytecode/CodeType.h: Added. - * bytecode/ExpressionRangeInfo.h: Added. - * bytecode/GlobalResolveInfo.h: Added. - (JSC::GlobalResolveInfo::GlobalResolveInfo): - * bytecode/HandlerInfo.h: Added. - * bytecode/LineInfo.h: Added. - * bytecode/MethodCallLinkInfo.cpp: Added. - (JSC::MethodCallLinkInfo::reset): - * bytecode/MethodCallLinkInfo.h: Added. - (JSC::MethodCallLinkInfo::MethodCallLinkInfo): - (JSC::MethodCallLinkInfo::seenOnce): - (JSC::MethodCallLinkInfo::setSeen): - (JSC::getMethodCallLinkInfoReturnLocation): - (JSC::getMethodCallLinkInfoBytecodeIndex): - * bytecode/StructureStubInfo.h: - (JSC::getStructureStubInfoReturnLocation): - (JSC::getStructureStubInfoBytecodeIndex): - -2012-01-10 Anders Carlsson - - Hang opening movie that requires authentication - https://bugs.webkit.org/show_bug.cgi?id=75989 - - - Reviewed by Sam Weinig. - - * wtf/Functional.h: - Add function wrapper for a function that takes three parameters. - -2012-01-10 Filip Pizlo - - CodeBlock::m_numParameters should be encapsulated - https://bugs.webkit.org/show_bug.cgi?id=75985 - - - Reviewed by Oliver Hunt. - - Encapsulated CodeBlock::m_numParameters and hooked argument profile creation - into it. This appears to be performance neutral. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::CodeBlock): - (JSC::CodeBlock::setNumParameters): - (JSC::CodeBlock::addParameter): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::numParameters): - (JSC::CodeBlock::addressOfNumParameters): - (JSC::CodeBlock::offsetOfNumParameters): - (JSC::CodeBlock::numberOfArgumentValueProfiles): - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::BytecodeGenerator): - (JSC::BytecodeGenerator::addParameter): - (JSC::BytecodeGenerator::emitReturn): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::AbstractState): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::ByteCodeParser): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::predictArgumentTypes): - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compileFunction): - * dfg/DFGOperations.cpp: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::SpeculativeJIT): - * interpreter/Interpreter.cpp: - (JSC::Interpreter::slideRegisterWindowForCall): - (JSC::Interpreter::dumpRegisters): - (JSC::Interpreter::execute): - (JSC::Interpreter::prepareForRepeatCall): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JITStubs.cpp: - (JSC::arityCheckFor): - (JSC::lazyLinkFor): - * runtime/Executable.cpp: - (JSC::FunctionExecutable::compileForCallInternal): - (JSC::FunctionExecutable::compileForConstructInternal): - -2012-01-10 Gavin Barraclough - - Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935 - - Fix 32-bit builds. - - * runtime/JSArray.cpp: - (JSC::JSArray::getOwnPropertyNames): - (JSC::JSArray::setLength): - -2012-01-10 Gavin Barraclough - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-01-10 Gavin Barraclough - - Do not allow Array length to be set if it is non-configurable - https://bugs.webkit.org/show_bug.cgi?id=75935 - - Reviewed by Sam Weinig. - - Do not allow Array length to be set if it is non-configurable, and if the new - length is less than the old length then intervening properties should removed - in reverse order. Removal of properties should cease if an intervening indexed - property being removed is non-configurable. - - * JavaScriptCore.exp: - - Removed export for setLength. - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncConcat): - - JSArray::setLength now takes an ExecState* - (JSC::arrayProtoFuncSlice): - - JSArray::setLength now takes an ExecState* - * runtime/JSArray.cpp: - (JSC::JSArray::defineOwnProperty): - - JSArray::setLength now takes an ExecState* - (JSC::JSArray::put): - - JSArray::setLength now takes an ExecState* - (JSC::compareKeysForQSort): - - Keys extracted from the map can be stored as unsigneds. - (JSC::JSArray::getOwnPropertyNames): - - Keys extracted from the map can be stored as unsigneds. - (JSC::JSArray::setLength): - - Check lengthIsReadOnly(), rather than copying the entire map to iterate - over to determine which keys to remove, instead just copy the keys from - the map to a Vector. When inSparseMode sort the keys in the Vector so - that we can remove properties in reverse order. - * runtime/JSArray.h: - - JSArray::setLength now takes an ExecState* - -2012-01-10 Gavin Barraclough - - Use SameValue to compare property descriptor values - https://bugs.webkit.org/show_bug.cgi?id=75975 - - Reviewed by Sam Weinig. - - Rather than strictEqual. - - * runtime/JSArray.cpp: - (JSC::JSArray::defineOwnNumericProperty): - - Missing configurablePresent() check. - * runtime/JSObject.cpp: - (JSC::JSObject::defineOwnProperty): - - call sameValue. - * runtime/PropertyDescriptor.cpp: - (JSC::sameValue): - - Moved from JSArray.cpp, fix NaN comparison. - (JSC::PropertyDescriptor::equalTo): - - call sameValue. - * runtime/PropertyDescriptor.h: - - Added declaration for sameValue. -2012-01-09 Gavin Barraclough - - Error handling : in ISO8601 timezone - https://bugs.webkit.org/show_bug.cgi?id=75919 - - Reviewed by Sam Weinig. - - * wtf/DateMath.cpp: - (WTF::parseDateFromNullTerminatedCharacters): - - need to increment the string position. - -2012-01-09 Mark Rowe - - JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target - / - - We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit - dependencies prevent this. - - Reviewed by Dan Bernstein. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-01-09 Adam Treat - - Log is a little to verbose for blackberry port - https://bugs.webkit.org/show_bug.cgi?id=75728 - - The BlackBerry::Platform::Log* functions take care of the call to vfprintf - which is resulting in unintentional noise in our logs. Add a conditional - directive to fix. - - Change to using BlackBerry::Platform::logStreamV which does not insert - threading info and newlines unlike BlackBerry::Platform::log. - - Finally, add log locking and unlocking which the BlackBerry platform - uses to ensure that N threads do not trample on each other's logs. - - Reviewed by Rob Buis. - - * wtf/Assertions.cpp: - (WTFLogLocker::WTFReportAssertionFailure): - (WTFLogLocker::WTFReportAssertionFailureWithMessage): - (WTFLogLocker::WTFReportArgumentAssertionFailure): - (WTFLogLocker::WTFReportFatalError): - (WTFLogLocker::WTFReportError): - (WTFLogLocker::WTFLog): - (WTFLogLocker::WTFLogVerbose): - -2012-01-09 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75789 - defineOwnProperty not implemented for Array objects - - Reviewed by Sam Weinig. - - Implements support for getter/setter & non-default attribute properties on arrays, - by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262 - test failures. - - * JavaScriptCore.exp: - - Updated exports. - * dfg/DFGOperations.cpp: - - JSArray::pop now requires an exec state. - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncPop): - - JSArray::pop now requires an exec state. - * runtime/JSArray.cpp: - (JSC::SparseArrayValueMap::add): - - Add a potentially empty entry into the map. - (JSC::SparseArrayValueMap::put): - - Changed to call setter. - (JSC::SparseArrayEntry::get): - - calls getters. - (JSC::SparseArrayEntry::getNonSparseMode): - - does not call getters. - (JSC::JSArray::enterSparseMode): - - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated. - (JSC::JSArray::putDescriptor): - - Create a numeric property based on a descriptor. - (JSC::sameValue): - - See ES5.1 9.12. - (JSC::reject): - - Helper for the [[DefineOwnProperty]] algorithm. - (JSC::JSArray::defineOwnNumericProperty): - - Define an indexed property on an array object. - (JSC::JSArray::setLengthWritable): - - Marks the length read-only, enters SparseMode as necessary. - (JSC::JSArray::defineOwnProperty): - - Defines either an indexed property or 'length' on an array object. - (JSC::JSArray::getOwnPropertySlotByIndex): - - Updated to correctly handle accessor descriptors & attributes. - (JSC::JSArray::getOwnPropertyDescriptor): - - Updated to correctly handle accessor descriptors & attributes. - (JSC::JSArray::put): - - Pass strict mode flag to setLength. - (JSC::JSArray::putByIndex): - - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&. - (JSC::JSArray::putByIndexBeyondVectorLength): - - Pass exec to SparseArrayValueMap::put. - (JSC::JSArray::deletePropertyByIndex): - - Do not allow deletion of non-configurable properties. - (JSC::compareKeysForQSort): - - used in implementation of getOwnPropertyNames. - (JSC::JSArray::getOwnPropertyNames): - - Properties in the sparse map should be iterated in order. - (JSC::JSArray::setLength): - - Updated to take a 'shouldThrow' flag, return a result indicating error. - (JSC::JSArray::pop): - - pop should throw an error if length is not writable, even if the array is empty. - (JSC::JSArray::push): - - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&. - (JSC::JSArray::sort): - - Changed 'get' to 'getNonSparseMode' (can't be getters to call). - (JSC::JSArray::compactForSorting): - - Changed 'get' to 'getNonSparseMode' (can't be getters to call). - * runtime/JSArray.h: - (JSC::SparseArrayValueMap::lengthIsReadOnly): - - Check if the length is read only. - (JSC::SparseArrayValueMap::setLengthIsReadOnly): - - Mark the length as read only. - (JSC::SparseArrayValueMap::find): - - Moved into header. - (JSC::JSArray::isLengthWritable): - - Wraps SparseArrayValueMap::lengthIsReadOnly. - * runtime/JSObject.cpp: - (JSC::JSObject::defineOwnProperty): - - Should be returning the result of putDescriptor. - * runtime/PropertyDescriptor.cpp: - (JSC::PropertyDescriptor::attributesOverridingCurrent): - - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride. - * runtime/PropertyDescriptor.h: - - Added attributesOverridingCurrent. - -2012-01-09 Pavel Heimlich - - There is no support for fastcall in Solaris Studio. - Fixes build on Solaris. - https://bugs.webkit.org/show_bug.cgi?id=75736 - - Reviewed by Gavin Barraclough. - - * jit/JITStubs.h: - -2012-01-09 Pavel Heimlich - - Fix build failure on Solaris - https://bugs.webkit.org/show_bug.cgi?id=75733 - - Reviewed by Gavin Barraclough. - - * wtf/ByteArray.h: - -2012-01-01 Raphael Kubo da Costa - - [CMake] Clean up some cruft from WTF's CMakeLists.txt - https://bugs.webkit.org/show_bug.cgi?id=75420 - - Reviewed by Daniel Bates. - - * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add - all needed paths to WTF_INCLUDE_DIRECTORIES in a single place. - -2012-01-08 Xianzhu Wang - - Fix compilation error about ListHashSetReverseIterator - https://bugs.webkit.org/show_bug.cgi?id=75372 - - Reviewed by Darin Adler. - - There is a typo in class ListHashSetReverseIterator: - typedef ListHashSetConstIterator const_reverse_iterator; - Should be - typedef ListHashSetConstReverseIterator const_reverse_iterator; - - * wtf/ListHashSet.h: - -2012-01-08 Ryosuke Niwa - - WinCE build fix after r104415. - - * jit/JITExceptions.cpp: - * jit/JITExceptions.h: - -2012-01-08 Filip Pizlo - - The JIT's protocol for exception handling should be available to other parts of the system - https://bugs.webkit.org/show_bug.cgi?id=75808 - - - Reviewed by Oliver Hunt. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * jit/JITExceptions.cpp: Added. - (JSC::genericThrow): - (JSC::jitThrow): - * jit/JITExceptions.h: Added. - * jit/JITStubs.cpp: - * runtime/JSGlobalData.h: - -2012-01-06 Hajime Morrita - - https://bugs.webkit.org/show_bug.cgi?id=75296 - JSString should not have JS_EXPORTCLASS annotation - - Reviewed by Kevin Ollivier. - - * runtime/JSString.h: Removed JS_EXPORTCLASS annotation. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - Added missing symbols which were hidden by JS_EXPORTCLASS. - -2012-01-06 Michael Saboff - - JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound() - https://bugs.webkit.org/show_bug.cgi?id=75757 - - Reviewed by Gavin Barraclough. - - * runtime/JSArray.cpp: - (JSC::JSArray::pop): Changed map->end() to map->notFound(). - -2012-01-06 Filip Pizlo - - JIT stub slow paths that would be identical to that of an interpreter should be factored out - https://bugs.webkit.org/show_bug.cgi?id=75743 - - - Reviewed by Geoff Garen. - - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * jit/JITStubs.cpp: - (JSC::DEFINE_STUB_FUNCTION): - * runtime/CommonSlowPaths.h: Added. - (JSC::CommonSlowPaths::opInstanceOfSlow): - (JSC::CommonSlowPaths::opIn): - (JSC::CommonSlowPaths::opResolve): - (JSC::CommonSlowPaths::opResolveSkip): - (JSC::CommonSlowPaths::opResolveWithBase): - (JSC::CommonSlowPaths::opResolveWithThis): - -2012-01-06 Sam Weinig - - Fix windows build. - - * wtf/TypeTraits.cpp: - -2012-01-05 Michael Saboff - - Default HashTraits for Opcode don't work for Opcode = 0 - https://bugs.webkit.org/show_bug.cgi?id=75595 - - Reviewed by Oliver Hunt. - - Removed the populating of the m_opcodeIDTable table in the - case where the OpcodeID and Opcode are the same (m_enabled is false). - Instead we just cast the one type to the other. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::initialize): - (JSC::Interpreter::isOpcode): - * interpreter/Interpreter.h: - (JSC::Interpreter::getOpcodeID): - -2012-01-06 Sam Weinig - - Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr - https://bugs.webkit.org/show_bug.cgi?id=75737 - - Reviewed by Anders Carlsson. - - * wtf/TypeTraits.cpp: - * wtf/TypeTraits.h: - Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray - is composed of some helpers which are also exposed, Conditional<>, which - can provide one type or another based on a boolean predicate, IsArray<> - which can deduce array types, and RemoveExtent<>, which removes the extent - from an array type. - -2012-01-06 Oliver Hunt - - GetByteArrayLength is incorrect - https://bugs.webkit.org/show_bug.cgi?id=75735 - - Reviewed by Filip Pizlo. - - Load the byte array length from the correct location. - This stops an existing test from hanging. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2012-01-06 Filip Pizlo - - Fix build. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-01-06 Oliver Hunt - - DFG no longer optimises CanvasPixelArray - https://bugs.webkit.org/show_bug.cgi?id=75729 - - Reviewed by Gavin Barraclough. - - Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match - the future name when we switch over to the new typed-array based - ImageData specification. - - * runtime/JSByteArray.cpp: - -2012-01-06 Caio Marcelo de Oliveira Filho - - Use HashMap for SourceProviderCache items - https://bugs.webkit.org/show_bug.cgi?id=75346 - - Reviewed by Daniel Bates. - - * parser/Parser.cpp: - * parser/SourceProviderCache.cpp: - (JSC::SourceProviderCache::clear): - (JSC::SourceProviderCache::add): - * parser/SourceProviderCache.h: - -2012-01-06 Sam Weinig - - Remove unused OwnFastMallocPtr class. - https://bugs.webkit.org/show_bug.cgi?id=75722 - - Reviewed by Geoffrey Garen. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/CMakeLists.txt: - * wtf/OwnFastMallocPtr.h: Removed. - * wtf/text/StringImpl.h: - * wtf/wtf.pro: - -2012-01-06 Benjamin Poulain - - [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates - https://bugs.webkit.org/show_bug.cgi?id=75631 - - Reviewed by Andreas Kling. - - * JavaScriptCore.xcodeproj/project.pbxproj: - -2012-01-06 Eric Seidel and Gustavo Noronha Silva - - Make the new WTF module build on Gtk - https://bugs.webkit.org/show_bug.cgi?id=75669 - - * GNUmakefile.am: - -2012-01-06 Tor Arne Vestbø - - [Qt] Remove un-needed VPATHs from project includes - - Reviewed by Simon Hausmann. - - * JavaScriptCore.pri: - * wtf/wtf.pri: - -2012-01-06 Tor Arne Vestbø - - [Qt] Move listing of include paths and libs to pri files in sources - - Includepaths are sometimes modified by non-Qt contributors so keeping - them in files inside Sources makes it more likely that they are updated - along with project files for the other ports. - - Using pri files instead of prf files for this also has the benefit that - the include() from the main target file can be parsed and followed by - Qt Creator -- something that does not work with load(). - - Dependency from a target to a library through the WEBKIT variable are - handled through forwarding-files in Tools/qmake/mkspecs/modules, which - set the source root of the module and include the right pri file. - - Ideally we'd use the variant of include() that takes an optional - namespace to read the variables into, or the fromfile() function, - but both of these add an overhead of about 40% on the total qmake - runtime, due to making a deep copy of all the variables in the - project or re-reading all the prf files from scratch. - - Reviewed by Simon Hausmann. - Reviewed by Ossy. - - * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf. - * Target.pri: - * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf. - * wtf/wtf.pro: - -2012-01-06 Hajime Morrita - - WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE - https://bugs.webkit.org/show_bug.cgi?id=75612 - - Reviewed by Kevin Ollivier. - - * wtf/text/WTFString.h: - (WTF::String::findIgnoringCase): - (WTF::String::append): - (WTF::String::fromUTF8): - (WTF::String::fromUTF8WithLatin1Fallback): - (WTF::String::isHashTableDeletedValue): - -2012-01-05 Dan Bernstein - - Update copyright strings - - Reviewed by Mark Rowe. - - * Info.plist: - -2012-01-05 Gavin Barraclough - - Date constructor handles infinite values incorrectly. - https://bugs.webkit.org/show_bug.cgi?id=70998 - - Reviewed by Filip Pizlo. - - * runtime/DateConstructor.cpp: - (JSC::constructDate): - - should be checking !finite rather then isnan. - -2012-01-05 Gavin Barraclough - - date.toISOString produces incorrect results for dates with ms prior to 1970 - https://bugs.webkit.org/show_bug.cgi?id=75684 - - Reviewed by Sam Weinig. - - * runtime/DatePrototype.cpp: - (JSC::dateProtoFuncToISOString): - -2012-01-05 Gavin Barraclough - - Array.prototype.lastIndexOf ignores undefined fromIndex. - https://bugs.webkit.org/show_bug.cgi?id=75678 - - Reviewed by Sam Weinig. - - array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x) - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncLastIndexOf): - - should check argumnet count, rather than checking agument value for undefined. - -2012-01-05 Gavin Barraclough - - Date parsing is too restrictive. - https://bugs.webkit.org/show_bug.cgi?id=75671 - - Reviewed by Oliver Hunt. - - ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15). - The spec allow a date to be date only, or date + time. - - The date portion on the should match: (pseudocode!:) - [(+|-)YY]YYYY[-MM[-DD]] - though we are slightly more liberal (permitted by the spec), allowing: - [+|-]Y+[-MM[-DD]] - The time portion should match: - THH:mm[:ss[.sss]][Z|(+|-)HH:mm] - again we're slightly more liberal, allowing: - THH:mm[:ss[.s+]][Z|(+|-)HH:mm] - - * wtf/DateMath.cpp: - (WTF::parseES5DatePortion): - - Month/day fields are optional, default to 01. - (WTF::parseES5TimePortion): - - Hours/Minutes are requires, seconds/timezone are optional. - (WTF::parseES5DateFromNullTerminatedCharacters): - - Dates may be date only, or date + time. - -2012-01-05 Bruno Dilly - - [EFL] Undefined references to ICU_I18N symbols on WTF - https://bugs.webkit.org/show_bug.cgi?id=75642 - - Unreviewed build fix. - - Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake. - Some undefined references were ucol_setAttribute_44, ucol_close_44, - ucol_getAttribute_44... - - * wtf/PlatformEfl.cmake: - -2012-01-05 Geoffrey Garen - - Refined the fast path for StringImpl::hash() - https://bugs.webkit.org/show_bug.cgi?id=75178 - - Reviewed by Darin Adler. - - Moved the hash calculation code into an out-of-line function to clean up - the hot path. - - No measurable benchmark change, but this knocks some samples off in - Instruments, and I think this is a step toward removing -fomit-frame-pointer. - - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::hashSlowCase): - * wtf/text/StringImpl.h: - (WTF::StringImpl::hash): The patch. - - * wtf/text/StringStatics.cpp: - (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build - scheme, which requires all out-of-line StringImpl functions used by - WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.) - -2012-01-05 Gavin Barraclough - - Literal tab in JSONString fails - https://bugs.webkit.org/show_bug.cgi?id=71772 - - Reviewed by Oliver Hunt. - - rfc4627 does not allow literal tab characters in JSON source. - - * runtime/LiteralParser.cpp: - (JSC::isSafeStringCharacter): - - do not allow literal tab in StrictJSON mode. - -2012-01-05 Gavin Barraclough - - push/shift fifo may consume excessive memory - https://bugs.webkit.org/show_bug.cgi?id=75610 - - Reviewed by Sam Weinig. - - Array object commonly store data in a vector, consisting of a portion that is - in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between - m_length and m_vectorLength). Calls to shift with grow the pre-capacity, and - the current algorithm for increaseVectorLength (used by push, or [[Put]]) will - never shrink the pre-capacity, so a push/shift fifo may consume an inordinate - amount of memory, whilst having a relatively small active length. - - * runtime/JSArray.cpp: - (JSC::JSArray::increaseVectorLength): - - If m_indexBias is non-zero, decay it over time. - -2012-01-05 Csaba Osztrogonác - - unshift/pop fifo may consume excessive memory - https://bugs.webkit.org/show_bug.cgi?id=75588 - - Reviewed by Zoltan Herczeg. - - Buildfix after r104120. - - * runtime/JSArray.cpp: Remove useless asserts, baecause unsigned expression >= 0 is always true - (JSC::JSArray::unshiftCount): - -2012-01-05 Zoltan Herczeg - - Unreviewed gardening after r104134. - - * wtf/Assertions.cpp: - -2012-01-05 Zoltan Herczeg - - Unreviewed gardening after r75605. - - Rubber stamped by NOBODY Csaba Osztrogonác. - - * wtf/Assertions.cpp: - -2012-01-05 Benjamin Poulain - - Improve charactersAreAllASCII() to compare multiple characters at a time - https://bugs.webkit.org/show_bug.cgi?id=74063 - - Reviewed by Darin Adler. - - A new header ASCIIFastPath.h contains the functions related to - the detection of ASCII by using machine words. Part of it comes from - WebCore's TextCodecASCIIFastPath.h. - - The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h - and is implemented with computer word comparison. - The gain over the previous implementation of charactersAreAllASCII() is of - the order of how many comparison are avoided (4x, 8x, 16x depending on the - format and the CPU type). - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/text/ASCIIFastPath.h: Added. - (WTF::isAlignedToMachineWord): - (WTF::alignToMachineWord): - (WTF::isAllASCII): - (WTF::charactersAreAllASCII): - * wtf/text/WTFString.h: - * wtf/wtf.pro: - -2012-01-05 Mark Rowe - - [Mac] WTF logging functions should output to both stderr and ASL - - We should always log to both ASL and stderr on platforms where this won't result in launchd - duplicating the messages. - - Reviewed by Dan Bernstein. - - * wtf/Assertions.cpp: - (vprintf_stderr_common): - -2012-01-05 Mark Rowe - - WTF logging functions should call vprintf_stderr_common only once per line - - Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a - single line of text. This results in strangely formatted output if vprintf_stderr_common is - retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented - like stderr. - - Reviewed by Dan Bernstein. - - * wtf/Assertions.cpp: - (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format - string before handing it off to vprintf_stderr_common. This requires disabling warnings about - calling a printf-like function with a non-literal format string for this piece of code. It's - safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix. - (vprintf_stderr_with_trailing_newline): Helper function to append a trailling newline on to the - given format string if one does not already exist. It requires the same treatment with regards - to the non-literal format string warning. - (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix. - (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common. - (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix. - (WTFReportError): Ditto. - (WTFLog): Switch to using vprintf_stderr_with_trailing_newline. - (WTFLogVerbose): Ditto. - -2012-01-04 Gavin Barraclough - - unshift/pop fifo may consume excessive memory - https://bugs.webkit.org/show_bug.cgi?id=75588 - - Reviewed by Sam Weinig. - - The Array object commonly store data in a vector, consisting of a portion that - is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between - m_length and m_vectorLength). Calls to pop with grow the post-capacity, and the - current algorithm for increasePrefixVectorLength (used by unshift) will never - stink the post-capacity, so a unshift/pop fifo may consume an inordinate amount - of memory, whilst having a relatively small active length. - - * runtime/JSArray.cpp: - (JSC::storageSize): - - sizeof(JSValue) should be sizeof(WriteBarrier) - (JSC::SparseArrayValueMap::put): - - sizeof(JSValue) should be sizeof(WriteBarrier) - (JSC::JSArray::increaseVectorLength): - - sizeof(JSValue) should be sizeof(WriteBarrier) - (JSC::JSArray::unshiftCountSlowCase): - - renamed from increaseVectorPrefixLength (this was a bad name, since it - also moved the ArrayStorage header), rewritten. - (JSC::JSArray::shiftCount): - - sizeof(JSValue) should be sizeof(WriteBarrier), count should be unsigned - (JSC::JSArray::unshiftCount): - - sizeof(JSValue) should be sizeof(WriteBarrier), count should be unsigned, - increaseVectorPrefixLength renamed to unshiftCountSlowCase - (JSC::JSArray::sortNumeric): - * runtime/JSArray.h: - - Updated function declarations, m_indexBias should be unsigned. - -2012-01-04 Mark Rowe - - All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments - - Since JSC::Arguments has an OwnPtr for a member it needs to override destroy - to ensure that the correct destructor is invoked. This is necessary because - JSCell subclasses all intentionally have non-virtual destructors. - - Reviewed by Filip Pizlo. - - * runtime/Arguments.cpp: - (JSC::Arguments::destroy): - * runtime/Arguments.h: - -2012-01-04 Filip Pizlo - - Unreviewed, accidentally turned off the JIT in previous commit. Turning - it back on. - - * wtf/Platform.h: - -2012-01-04 Filip Pizlo - - Changed "return" to "break" in some macrology I introduced in - http://trac.webkit.org/changeset/104086. This is a benign change, as - "return" was technically correct for all uses of the macro. - - Reviewed by Oliver Hunt. - - * dfg/DFGGraph.cpp: - * wtf/Platform.h: - -2012-01-04 Michael Saboff - - StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset - https://bugs.webkit.org/show_bug.cgi?id=75583 - - Reviewed by Filip Pizlo. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding - StructureStubInfo and reset the appropriate JIT and - the StructureStubInfo itself when reseting a MethodCallLinkInfo. - -2012-01-04 Michael Saboff - - Invalid ASSERT() in DFGRepatch.cpp near line 385 - https://bugs.webkit.org/show_bug.cgi?id=75584 - - Reviewed by Filip Pizlo. - - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==. - -2012-01-04 Filip Pizlo - - Incorrect use of DFG node reference counts when mutating the graph - https://bugs.webkit.org/show_bug.cgi?id=75580 - - - Reviewed by Oliver Hunt. - - Made deref(node) follow the pattern of ref(node), which it should have - to begin with. - - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::refChildren): - (JSC::DFG::Graph::derefChildren): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::deref): - (JSC::DFG::Graph::clearAndDerefChild1): - (JSC::DFG::Graph::clearAndDerefChild2): - (JSC::DFG::Graph::clearAndDerefChild3): - * dfg/DFGNode.h: - (JSC::DFG::Node::deref): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::fixupNode): - -2012-01-04 Tor Arne Vestbø - - [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies - - The custom qmake variable 'WEBKIT' is used for signaling that a - target depends in some way on other subproject of the WebKit - project. For now this is limited to the set of intermediate - libraries: wtf, javascriptcore, webcore, and webkit2. - - This replaces the previous convension of using load(foo) for - just include paths, and CONFIG += foo to also link against foo. - - Adding a dependency results in additional include paths being - available, and potentially linking to the library. This is - decided by the build system based on conditions such as what - kind of target is being built and the general build config. - - An advantage to his approach is that it simplifies the individual - foo.prf files, for example by allowing us to use INCLUDEPATH += - and LIBS += as normal instead of prepending. - - Reviewed by Simon Hausmann. - - * Target.pri: - * jsc.pro: - * wtf/wtf.pro: - -2012-01-03 Filip Pizlo - - DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong - https://bugs.webkit.org/show_bug.cgi?id=75516 - - - Reviewed by Gavin Barraclough. - - Removed the offending assertion, since it was wrong. Also hardened the code to make - this case less likely by first having the propagator fixpoint converge, and then doing - double voting combined with a second fixpoint. This is neutral on benchmarks and - fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double - until we've converged to the conclusion that it really is double). - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagatePredictions): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat): - -2012-01-03 Filip Pizlo - - REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds - https://bugs.webkit.org/show_bug.cgi?id=75303 - - - Reviewed by Gavin Barraclough. - - The this argument was not being kept alive in some cases during inlining and intrinsic - optimizations. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::emitFunctionCheck): - (JSC::DFG::ByteCodeParser::handleInlining): - -2012-01-03 Gavin Barraclough - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-01-03 Gavin Barraclough - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-01-03 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75140 - - Reviewed by Sam Weinig. - - Rewrite JSArray::putSlowCase to be much cleaner & simpler. - - This rewrite only significantly changes behaviour for sparse array, specifically - in how sparse arrays are reified back to vector form. This does not affect arrays - with less than 10000 entries (since these always use a vector). The more common - cases of sparse array behavior (though large sparse arrays are rare) - arrays that - always remain sparse, and arrays that are filled in reverse sequential order - - should be just as fast or faster (since reification is simpler & no longer - requires map lookups) after these changes. - - Simplifying this code allows all cases of putByIndex that need to grow the vector - to do so via increaseVectorLength, which means that this method can encapsulate - the policy of determining how the vector should be grown. - - No performance impact. - - * runtime/JSArray.cpp: - (JSC::isDenseEnoughForVector): - - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector. - (JSC::JSArray::putByIndex): - - simplify & comment. - (JSC::JSArray::putByIndexBeyondVectorLength): - - Re-written to be much clearer & simpler. - (JSC::JSArray::increaseVectorLength): - (JSC::JSArray::increaseVectorPrefixLength): - - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need do so. - (JSC::JSArray::push): - - simplify & comment. - * runtime/JSArray.h: - - removed SparseArrayValueMap::take. - -2012-01-03 Gavin Barraclough - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2012-01-03 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75140 - - Reviewed by Sam Weinig. - - Simplify JSArray creation - remove ArgsList/JSValue* create methods - (this functionality can be implemented in terms of tryCreateUninitialized). - - * JavaScriptCore.exp: - * runtime/ArrayConstructor.cpp: - - use constructArray/constructEmptyArray instead of calling JSArray::create directly - (JSC::constructArrayWithSizeQuirk): - * runtime/JSArray.cpp: - * runtime/JSArray.h: - - removed ArgsList/JSValue* create methods - * runtime/JSGlobalObject.h: - (JSC::constructEmptyArray): - (JSC::constructArray): - - changed to be implemented in terms of JSArray::tryCreateUninitialized - -2012-01-03 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75429 - ThrowTypeError should be a singleton object - - Reviewed by Sam Weinig. - - Per section 13.2.3 of the spec. - We could change setAccessorDescriptor to be able to share the global - GetterSetter object, rather than storing the accessor functions and - creating a new GetterSetter in defineProperty - but this won't be a - small change to PropertyDescriptors (and would probably mean making - GetterSetter objects immutable?) - so I'll leave that for another - patch. - - * JavaScriptCore.exp: - - don't export setAccessorDescriptor - * runtime/Arguments.cpp: - (JSC::Arguments::createStrictModeCallerIfNecessary): - (JSC::Arguments::createStrictModeCalleeIfNecessary): - - call throwTypeErrorGetterSetter instead of createTypeErrorFunction - * runtime/Error.cpp: - * runtime/Error.h: - - remove createTypeErrorFunction - * runtime/JSFunction.cpp: - * runtime/JSFunction.h: - - remove unused createDescriptorForThrowingProperty - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::reset): - (JSC::JSGlobalObject::visitChildren): - - removed m_strictModeTypeErrorFunctionStructure. - * runtime/JSGlobalObject.h: - (JSC::JSGlobalObject::internalFunctionStructure): - - removed m_strictModeTypeErrorFunctionStructure. - * runtime/PropertyDescriptor.cpp: - (JSC::PropertyDescriptor::setAccessorDescriptor): - - changed to take a GetterSetter - * runtime/PropertyDescriptor.h: - - changed to take a GetterSetter - -2012-01-02 Gavin Barraclough - - Check in fixes for jsc tests following bug #75455. - - * tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js: - * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js: - -2012-01-02 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75452 - If argument to Error is undefined, message is not set - - Reviewed by Sam Weinig. - - Per section 15.11.1.1 of the spec. - - * runtime/ErrorInstance.h: - (JSC::ErrorInstance::create): - (JSC::ErrorInstance::finishCreation): - -2012-01-02 Gavin Barraclough - - ES5 prohibits parseInt from supporting octal - https://bugs.webkit.org/show_bug.cgi?id=75455 - - Reviewed by Sam Weinig. - - See sections 15.1.2.2 and annex E. - - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::parseInt): - -2012-01-02 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=55343 - Global JSON should be configurable but isn't - - Reviewed by Sam Weinig. - - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::reset): - - make JSON configurable - -2012-01-01 Filip Pizlo - - Call instructions should leave room for linking information - https://bugs.webkit.org/show_bug.cgi?id=75422 - - - Reviewed by Oliver Hunt. - - * bytecode/Opcode.h: - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::emitCall): - (JSC::BytecodeGenerator::emitConstruct): - -2011-12-31 Dan Bernstein - - Continue trying to fix the Windows build after r103823. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2011-12-31 Dan Bernstein - - Start trying to fix the Windows build after r103823. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2011-12-30 Anders Carlsson - - Add a ParamStorageTraits specialization for RetainPtr - https://bugs.webkit.org/show_bug.cgi?id=75392 - - Reviewed by Daniel Bates. - - * wtf/Functional.h: - Add a partial specialization of ParamStorageTraits for RetainPtr. - - * wtf/RetainPtr.h: - Bring in the retainPtr function template from WTF. - -2011-12-29 Sam Weinig - - It should be easier to iterate a Vector backwards - https://bugs.webkit.org/show_bug.cgi?id=75359 - - Reviewed by Anders Carlsson. - - Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(), - a new proxy driven way to access a vector backwards. One can use - reversed() in a range-based for loop like so: - - for (auto val: myVector.reversed()) - doSomething(val) - - * wtf/Vector.h: - (WTF::Vector::~Vector): - Fix style. - - (WTF::Vector::rbegin): - (WTF::Vector::rend): - Added using standard adaptor std::reverse_iterator. - - (WTF::Vector::reversed): - (WTF::Vector::VectorReverseProxy::begin): - (WTF::Vector::VectorReverseProxy::end): - Add proxy similar to one used in HashMap for keys() and values() - which allows access to a Vector backwards for use in range-based - for loops. - -2011-12-29 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75140 - - Reviewed by Oliver Hunt. - - Start cleaning up JSArray construction. JSArray has a set of create methods, - one of which (currently) takes a 'creation mode' enum parameter. Based on that - parameter, the constructor does one of two completely different things. If the - parameter is 'CreateInitialized' it creates an array, setting the length, but - does not eagerly allocate a storage vector of the specified length. A small - (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property - access to the vector will read the hole value (return undefined). The alternate - usage of this method ('CreateCompact') does something very different. It tries - to create an array of the requested length, and also allocates a storage vector - large enough to hold all properties. It does not clear the storage vector, - leaving the memory uninitialized and requiring the user to call a method - 'uncheckedSetIndex' to initialize values in the vector. - - This patch factors out these two behaviours, moving the 'CreateCompact' mode - into its own method, 'tryCreateUninitialized' (matching the naming for this - functionality in the string classes). 'tryCreateUninitialized' may return 0 if - memory allocation fails during construction of the object. The construction - pattern changes such that values added during initialization will be marked if - a GC is triggered during array allocation. 'CreateInitialized' no longer need - be passed to create a normal, fully constructed array with a length, and this - method is merged with the version of 'create' that does not take an initial - length (length parameter defaults to 0). - - * JavaScriptCore.exp: - * runtime/ArrayConstructor.cpp: - (JSC::constructArrayWithSizeQuirk): - - removed 'CreateInitialized' argument - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncSplice): - - changed to call 'tryCreateUninitialized' - * runtime/FunctionPrototype.cpp: - (JSC::functionProtoFuncBind): - - changed to call 'tryCreateUninitialized' - * runtime/JSArray.cpp: - (JSC::JSArray::JSArray): - - initialize m_storage to null; if construction fails, make destruction safe - (JSC::JSArray::finishCreation): - - merge versions of this method, takes an initialLength parameter defaulting to zero - (JSC::JSArray::tryFinishCreationUninitialized): - - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0 - (JSC::JSArray::~JSArray): - - check for null m_storage, in case array construction failed. - (JSC::JSArray::increaseVectorPrefixLength): - * runtime/JSArray.h: - (JSC::JSArray::create): - - merge versions of this method, takes an initialLength parameter defaulting to zero - (JSC::JSArray::tryCreateUninitialized): - - version of 'create' that tries to eagerly allocate storage; may fail & return 0 - (JSC::JSArray::initializeIndex): - (JSC::JSArray::completeInitialization): - - used in conjunction with 'tryCreateUninitialized' to initialize the array - * runtime/JSGlobalObject.h: - (JSC::constructEmptyArray): - - removed 'CreateInitialized' argument - * runtime/RegExpConstructor.cpp: - (JSC::RegExpMatchesArray::finishCreation): - - removed 'CreateInitialized' argument - -2011-12-29 Anders Carlsson - - Add a retainPtr function template - https://bugs.webkit.org/show_bug.cgi?id=75365 - - Reviewed by Dan Bernstein. - - This makes it easier to make a RetainPtr using template argument deduction, which - is useful when passing RetainPtr objects as function arguments. - - * wtf/RetainPtr.h: - (WTF::retainPtr): - -2011-12-28 Yuqiang Xian - - spill unboxed values in DFG 32_64 - https://bugs.webkit.org/show_bug.cgi?id=75291 - - Reviewed by Filip Pizlo. - - Currently all the values are spilled as boxed in DFG 32_64, which is - not necessary and introduces additional stores/loads. Instead we - can spill them as unboxed if feasible. It can be applied to the - Integers, Cells and Booleans in DFG 32_64. Doubles are left as is - because they don't need to be boxed at all. The modifications to the - spill/fill and the OSR exit are required, as well as a bug fix to the - "isUnknownJS" logic. - - * bytecode/ValueRecovery.h: - (JSC::ValueRecovery::displacedInRegisterFile): - (JSC::ValueRecovery::virtualRegister): - (JSC::ValueRecovery::dump): - * dfg/DFGGenerationInfo.h: - (JSC::DFG::GenerationInfo::isUnknownJS): - (JSC::DFG::GenerationInfo::spill): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::isKnownNotBoolean): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::silentFillGPR): - (JSC::DFG::SpeculativeJIT::spill): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::fillInteger): - (JSC::DFG::SpeculativeJIT::fillDouble): - (JSC::DFG::SpeculativeJIT::fillJSValue): - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-28 Anders Carlsson - - Add an implicit block conversion operator to WTF::Function - https://bugs.webkit.org/show_bug.cgi?id=75325 - - Reviewed by Dan Bernstein. - - * wtf/Compiler.h: - Add a define for COMPILER_SUPPORTS(BLOCKS). It's only defined for clang, since the gcc blocks implementation - is buggy, especially when it comes to C++. - - * wtf/Functional.h: - Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed. - -2011-12-27 Anders Carlsson - - Add a new WTF::bind overload that takes 6 parameters - https://bugs.webkit.org/show_bug.cgi?id=75287 - - Reviewed by Sam Weinig. - - * wtf/Functional.h: - -2011-12-27 Sam Weinig - - Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro - https://bugs.webkit.org/show_bug.cgi?id=75268 - - Reviewed by Anders Carlsson. - - * wtf/Compiler.h: - Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS). - - * wtf/Noncopyable.h: - Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS). - - * wtf/NullPtr.cpp: - * wtf/NullPtr.h: - Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR). - - * wtf/RefPtr.h: - * wtf/RetainPtr.h: - Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR). - -2011-12-27 Anders Carlsson - - Misc fixes and cleanups in Functional.h - https://bugs.webkit.org/show_bug.cgi?id=75281 - - Reviewed by Andreas Kling. - - - Reformat template declarations so that the class begins on a new line. - - Change the parameter template parameters to start at P1 instead of P0. - - Add function wrappers and bind overloads for 4 and 5 parameter functions. - - Change the Function call operator to be const so const functions can be called. - - * wtf/Functional.h: - -2011-12-27 Tony Chang - - [chromium] Minor cleanup of gyp files. - https://bugs.webkit.org/show_bug.cgi?id=75269 - - Reviewed by Adam Barth. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed - and vim/emacs specific hooks should be added by the user. - -2011-12-27 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75260 - Null name for host function can result in dereference of uninitialize memory - - Reviewed by Filip Pizlo. - - This is a recent regression in ToT, if the name passed to finishCreation of a host function is null, - we are currently skipping the putDirect, which leaves memory uninitialized. This patch reverts the - aspect of the change that introduced the issue. It might be better if functions that don't have a - name don't have this property at all, but that's change should be separate from fixing the bug. - - * runtime/JSFunction.cpp: - (JSC::JSFunction::finishCreation): - - Always initialize the name property. - -2011-12-27 Anders Carlsson - - Function should handle wrapping/unwrapping RefPtr and PassRefPtr - https://bugs.webkit.org/show_bug.cgi?id=75266 - - Reviewed by Sam Weinig. - - Add ParamStorageTraits that can be used for deciding how bound parameters should be stored - and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn. - For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking. - - * wtf/Functional.h: - (WTF::ParamStorageTraits::wrap): - (WTF::ParamStorageTraits::unwrap): - -2011-12-27 Tony Chang - - [chromium] really enable wpo for WebCore libs and for WTF - https://bugs.webkit.org/show_bug.cgi?id=75264 - - Reviewed by Adam Barth. - - * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr. - -2011-12-26 Gavin Barraclough - - Errk! OS X build fix. - - * JavaScriptCore.exp: - -2011-12-26 Gavin Barraclough - - Windows build fix. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * runtime/JSObject.h: - -2011-12-26 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75231 - Fail to throw in strict mode on assign to read only static properties - - Reviewed by Filip Pizlo. - - There are three bugs here: - * symbolTablePut should throw for strict mode accesses. - * lookupPut should throw for strict mode accesses. - * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties. - - * runtime/JSActivation.cpp: - (JSC::JSActivation::symbolTablePut): - (JSC::JSActivation::put): - * runtime/JSActivation.h: - * runtime/JSGlobalObject.cpp: - (JSC::JSGlobalObject::put): - * runtime/JSStaticScopeObject.cpp: - (JSC::JSStaticScopeObject::put): - * runtime/JSVariableObject.h: - (JSC::JSVariableObject::symbolTablePut): - * runtime/Lookup.h: - (JSC::lookupPut): - * runtime/NumberConstructor.cpp: - (JSC::NumberConstructor::put): - * runtime/NumberConstructor.h: - -2011-12-26 Gavin Barraclough - - Fix miss-commit of utf8 change. - - Reviewed by Filip Pizlo - - Eeep, patch as landed a while ago had no effect! - acidentally landed - modified version of patch used for performance testing. - - (This isn't covered by layout tests because layour tests don't use jsc, - and the tests/mozilla tests use latin1, which was already supported!) - - Landing changes as intended (and as originally reviewed). - - * jsc.cpp: - (jscSource): - -2011-12-26 Filip Pizlo - - Unreviewed build fix for ARMv7. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::load16Signed): - (JSC::MacroAssemblerARMv7::load8Signed): - -2011-12-26 Hajime Morrita - - Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE - https://bugs.webkit.org/show_bug.cgi?id=74990 - - Reviewed by Kevin Ollivier. - - * runtime/JSExportMacros.h: Removed JS_INLINE - * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE - -2011-12-24 Filip Pizlo - - The ArgumentCount field in the CallFrame should have its tag left blank for other uses - https://bugs.webkit.org/show_bug.cgi?id=75199 - - - - Reviewed by Oliver Hunt. - - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - * interpreter/CallFrame.h: - (JSC::ExecState::argumentCountIncludingThis): - (JSC::ExecState::setArgumentCountIncludingThis): - * interpreter/Register.h: - (JSC::Register::unboxedInt32): - (JSC::Register::unboxedBoolean): - (JSC::Register::unboxedCell): - (JSC::Register::payload): - (JSC::Register::tag): - * jit/JITCall.cpp: - (JSC::JIT::compileOpCall): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileLoadVarargs): - (JSC::JIT::compileOpCall): - -2011-12-25 Andreas Kling - - Yarr: Avoid copying vectors in CharacterClassConstructor. - - - Reviewed by Darin Adler. - - Yarr::CharacterClassConstructor::charClass() was hot when loading twitter - feeds (1.2%), replace the usage of Vector::append() by swap() since we're - always clearing the source vector afterwards anyway. - - * yarr/YarrPattern.cpp: - (JSC::Yarr::CharacterClassConstructor::charClass): - -2011-12-24 Darin Adler - - Specialize HashTraits for RefPtr to use PassRefPtr as "pass type" to reduce reference count churn - https://bugs.webkit.org/show_bug.cgi?id=72476 - - Reviewed by Sam Weinig. - - * wtf/HashTraits.h: Defined PassInType and store function in HashTraits. - -2011-12-23 Geoffrey Garen - - Inlined Yarr::execute - https://bugs.webkit.org/show_bug.cgi?id=75180 - - Reviewed reluctantly by Beth Dakin. - - Tiny speedup on SunSpider string tests. Removes some samples from - Instruments. A step toward removing -fomit-frame-pointer. - - * yarr/YarrJIT.cpp: - * yarr/YarrJIT.h: - (JSC::Yarr::execute): ONE LINE FUNCTION, Y U NOT INLINED?! - -2011-12-23 Filip Pizlo - - DFG loads from signed 8-bit and 16-bit typed arrays are broken - https://bugs.webkit.org/show_bug.cgi?id=75163 - - Reviewed by Geoffrey Garen. - - Added 8-bit and 16-bit signed loads. Because doing so on ARM is less trivial, I'm - currently disabling Int8Array and Int16Array optimizations on ARM. - - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::load8Signed): - (JSC::MacroAssemblerX86Common::load16Signed): - * assembler/X86Assembler.h: - (JSC::X86Assembler::movswl_mr): - (JSC::X86Assembler::movsbl_mr): - * bytecode/PredictedType.h: - (JSC::isActionableMutableArrayPrediction): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateInt8Array): - (JSC::DFG::Node::shouldSpeculateInt16Array): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - -2011-12-23 Filip Pizlo - - DFG does double-to-int conversion incorrectly when storing into int typed arrays - https://bugs.webkit.org/show_bug.cgi?id=75164 - - - Reviewed by Geoffrey Garen. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::branchTruncateDoubleToUint32): - (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - -2011-12-23 Geoffrey Garen - - Refactored String.prototype.replace - https://bugs.webkit.org/show_bug.cgi?id=75114 - - Reviewed by Darin Adler. - - No performance difference. - - I think this is a step toward removing -fomit-frame-pointer. - - * runtime/JSString.cpp: - * runtime/JSString.h: Removed the test and special case for a single-character - search string because the standard path does this test and special case - for us. (As an aside, if we do come up with a unique single-character - replace optimization in future, it probably belongs in the replace function, - and not in JSString.) - - * runtime/StringPrototype.cpp: - (JSC::stringProtoFuncReplace): Split this mega-sized function into: - (JSC::replaceUsingStringSearch): - This reasonably sized function, and - (JSC::replaceUsingRegExpSearch): - This still mega-sized function. - -2011-12-23 Pierre Rossi - - [Qt] REGRESSION(r103467): It broke fast/images/animated-gif-restored-from-bfcache.html - https://bugs.webkit.org/show_bug.cgi?id=75087 - - monotonicallyIncreasingTime needs to hava a higher resolution than milliseconds. - - Reviewed by Darin Adler. - - * wtf/CurrentTime.cpp: - (WTF::monotonicallyIncreasingTime): - -2011-12-22 Filip Pizlo - - DFG should not speculate array even when predictions say that the base is not an array - https://bugs.webkit.org/show_bug.cgi?id=75160 - - - - Reviewed by Oliver Hunt. - - Added the ability to call slow path when the base is known to not be an array. - Also rationalized the logic for deciding when the index is not an int, and - cleaned up the logic for deciding when to speculate typed array. - - Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can - likely be mitigated by having the notion of a polymorphic array access, where we - try, but don't speculate, to access the array one way before either trying some - other ways or calling slow path. - - * bytecode/PredictedType.h: - (JSC::isActionableMutableArrayPrediction): - (JSC::isActionableArrayPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateInt8Array): - (JSC::DFG::Node::shouldSpeculateInt16Array): - (JSC::DFG::Node::shouldSpeculateInt32Array): - (JSC::DFG::Node::shouldSpeculateUint8Array): - (JSC::DFG::Node::shouldSpeculateUint16Array): - (JSC::DFG::Node::shouldSpeculateUint32Array): - (JSC::DFG::Node::shouldSpeculateFloat32Array): - (JSC::DFG::Node::shouldSpeculateFloat64Array): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::byValIsPure): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-22 Gavin Barraclough - - Unreviewed - fix stylebot issues from last patch. - - * runtime/JSArray.cpp: - (JSC::JSArray::putSlowCase): - -2011-12-22 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=75151 - Add attributes field to JSArray's SparseMap - - Reviewed by Sam Weinig. - - This will be necessary to be able to support non- writable/configurable/enumerable - properties, and helpful for getters/setters. - - Added a concept of being 'inSparseMode' - this indicates the array has a non-standard - - * runtime/ArrayPrototype.cpp: - (JSC::arrayProtoFuncSort): - - JSArray::sort methods not allowed on arrays that are 'inSparseMode'. - (must fall back to generic sort alogrithm). - * runtime/JSArray.cpp: - (JSC::JSArray::finishCreation): - - moved reportedMapCapacity into the SparseArrayValueMap object. - (JSC::SparseArrayValueMap::find): - (JSC::SparseArrayValueMap::put): - (JSC::SparseArrayValueMap::visitChildren): - - Added. - (JSC::JSArray::getOwnPropertySlotByIndex): - (JSC::JSArray::getOwnPropertyDescriptor): - (JSC::JSArray::putSlowCase): - (JSC::JSArray::deletePropertyByIndex): - (JSC::JSArray::getOwnPropertyNames): - (JSC::JSArray::setLength): - (JSC::JSArray::pop): - (JSC::JSArray::visitChildren): - - Updated for changes in SparseArrayValueMap. - (JSC::JSArray::sortNumeric): - (JSC::JSArray::sort): - (JSC::JSArray::compactForSorting): - - Disallow on 'SparseMode' arrays. - * runtime/JSArray.h: - (JSC::SparseArrayEntry::SparseArrayEntry): - - An entry in the sparse array - value (WriteBarrier) + attributes. - (JSC::SparseArrayValueMap::SparseArrayValueMap): - (JSC::SparseArrayValueMap::sparseMode): - (JSC::SparseArrayValueMap::setSparseMode): - - Flags to track whether an Array is forced into SparseMode. - (JSC::SparseArrayValueMap::remove): - (JSC::SparseArrayValueMap::notFound): - (JSC::SparseArrayValueMap::isEmpty): - (JSC::SparseArrayValueMap::contains): - (JSC::SparseArrayValueMap::size): - (JSC::SparseArrayValueMap::begin): - (JSC::SparseArrayValueMap::end): - - accessors to the map - (JSC::SparseArrayValueMap::take): - - only for use on non-SpareMode arrays. - (JSC::JSArray::inSparseMode): - - Added. - -2011-12-22 Filip Pizlo - - DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array - https://bugs.webkit.org/show_bug.cgi?id=75150 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - -2011-12-22 Filip Pizlo - - DFG JIT does exactly the wrong thing when doing strict equality on two known cells - https://bugs.webkit.org/show_bug.cgi?id=75138 - - - Reviewed by Oliver Hunt. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq): - -2011-12-22 Balazs Kelemen - - Fix debug build with assertions disabled - https://bugs.webkit.org/show_bug.cgi?id=75075 - - Reviewed by Darin Adler. - - Check whether assertions are disabled instead of NDEBUG - where appropriate to avoid "defined but not used" warnings. - - * wtf/DateMath.cpp: - (WTF::initializeDates): - -2011-12-22 Mariusz Grzegorczyk - - [EFL] Missing plugins support for efl port - https://bugs.webkit.org/show_bug.cgi?id=44505 - - Reviewed by Anders Carlsson. - - Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port. - - * wtf/Platform.h: - -2011-12-22 Wei Charles - - Remove un-used data member of LiteralParser::Lex::m_string - https://bugs.webkit.org/show_bug.cgi?id=68216 - - Reviewed by George Staikos. - - * runtime/LiteralParser.h: - -2011-12-21 Dan Bernstein - - OS X build fix after r103488. - - * JavaScriptCore.exp: - -2011-12-21 Konrad Piascik - - Implement the JavaScriptCore bindings for eventListenerHandlerLocation - https://bugs.webkit.org/show_bug.cgi?id=74313 - - Reviewed by Eric Seidel. - - Updated project files to get Windows and Mac builds working. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.xcodeproj/project.pbxproj: - -2011-12-21 Filip Pizlo - - DFG ConvertThis optimizations do not honor the distinction between the global object and the global this object - https://bugs.webkit.org/show_bug.cgi?id=75058 - - - - Reviewed by Oliver Hunt. - - Added a call to toThisObject() in the DFG when planting a direct reference to the global this object. - Instead of adding a separate toThisObject() method on JSCell which does not take ExecState*, I reascribed - a new contract: if you're calling toThisObject() on JSObject or one of its subtypes, then the ExecState* - is optional. - - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::globalThisObjectFor): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/JSObject.h: - -2011-12-21 Pierre Rossi - - Implement montonicallyIncreasingClock() on Qt - https://bugs.webkit.org/show_bug.cgi?id=62159 - - Reviewed by Darin Adler. - - * wtf/CurrentTime.cpp: - (WTF::monotonicallyIncreasingTime): - -2011-12-20 Filip Pizlo - - 32_64 baseline JIT should attempt to convert division results to integers, and record when that fails - https://bugs.webkit.org/show_bug.cgi?id=74997 - - - Reviewed by Gavin Barraclough. - - * jit/JITArithmetic32_64.cpp: - (JSC::JIT::emit_op_div): - -2011-12-20 Filip Pizlo - - JavaScriptCore should be consistent about how it reads and writes ArgumentCount - https://bugs.webkit.org/show_bug.cgi?id=74989 - - - Reviewed by Gavin Barraclough. - - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compileFunction): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JITCall32_64.cpp: - (JSC::JIT::compileLoadVarargs): - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_get_arguments_length): - (JSC::JIT::emit_op_get_argument_by_val): - * jit/SpecializedThunkJIT.h: - (JSC::SpecializedThunkJIT::SpecializedThunkJIT): - -2011-12-20 Filip Pizlo - - Value Profiles for arguments should be more easily accessible to the interpreter - https://bugs.webkit.org/show_bug.cgi?id=74984 - - - Reviewed by Gavin Barraclough. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::stronglyVisitStrongReferences): - (JSC::CodeBlock::shouldOptimizeNow): - (JSC::CodeBlock::dumpValueProfiles): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::setArgumentValueProfileSize): - (JSC::CodeBlock::numberOfArgumentValueProfiles): - (JSC::CodeBlock::valueProfileForArgument): - (JSC::CodeBlock::addValueProfile): - (JSC::CodeBlock::valueProfile): - (JSC::CodeBlock::valueProfileForBytecodeOffset): - (JSC::CodeBlock::totalNumberOfValueProfiles): - (JSC::CodeBlock::getFromAllValueProfiles): - * bytecode/ValueProfile.h: - (JSC::ValueProfile::ValueProfile): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * jit/JIT.h: - * jit/JITInlineMethods.h: - (JSC::JIT::emitValueProfilingSite): - -2011-12-20 Gavin Barraclough - - JSC shell should accept utf8 input. - - Reviewed by Filip Pizlo. - - * jsc.cpp: - (jscSource): - (functionRun): - (functionLoad): - (functionCheckSyntax): - (runWithScripts): - (runInteractive): - -2011-12-20 Gavin Barraclough - - Rubber Stamped by Sam Weinig - - * runtime/JSGlobalData.cpp: - - removed some dead code. - -2011-12-19 Geoffrey Garen - - Tightened up Vector::append - https://bugs.webkit.org/show_bug.cgi?id=74906 - - Reviewed by Sam Weinig. - - Not a measurable speedup, but code inspection shows better code generated, - and I believe this is a step toward turning off -fomit-frame-pointer. - - * wtf/Vector.h: - (WTF::::append): - (WTF::::appendSlowCase): Split out the slow case into a separate function - to keep unnecessary instructions off the hot path. This means the hot - path can now be inlined more often. - - Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a - compiler work-around from 2007. - -2011-12-19 Yuqiang Xian - - Temporary GPR should not be lazily allocated in DFG JIT on X86 - https://bugs.webkit.org/show_bug.cgi?id=74908 - - Reviewed by Filip Pizlo. - - On X86, we used to allocate a temporary GPR lazily when it's really - used rather than defined. This may cause potential issues of - allocating registers inside control flow and result in problems in - subsequent code generation, for example the DFG JIT may think an - operand already being spilled (to satisfy the allocation request) and - generate code to read the data from memory, but the allocation and - spilling are in a branch which is not taken at runtime, so the - generated code is incorrect. - - Although current DFG JIT code doesn't have this problematic pattern, - it's better to cut-off the root to avoid any potential issues in the - future. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::GPRTemporary::GPRTemporary): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::GPRTemporary::gpr): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-19 Yuqiang Xian - - Remove unused code for non-speculative Arith operations from DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=74905 - - Reviewed by Filip Pizlo. - - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - * dfg/DFGSpeculativeJIT64.cpp: - -2011-12-19 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=74903 - Exceptions not thrown correctly from DFG JIT on 32bit - - Reviewed by Oliver Hunt. - - Arguments for lookupExceptionHandler are not setup correctly. - In the case of ARMv7 we rely on lr being preserved over a call, - this in invalid. On x86 we don't should be poking the arguments onto the stack! - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::bytecodeOffsetForCallAtIndex): - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn): - * dfg/DFGGPRInfo.h: - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compileBody): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::addExceptionCheck): - (JSC::DFG::JITCompiler::addFastExceptionCheck): - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - -2011-12-19 Filip Pizlo - - If we detect that we can use the JIT, don't use computed opcode lookups - https://bugs.webkit.org/show_bug.cgi?id=74899 - - - Reviewed by Gavin Barraclough. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::Interpreter): - (JSC::Interpreter::initialize): - (JSC::Interpreter::privateExecute): - * interpreter/Interpreter.h: - (JSC::Interpreter::getOpcode): - (JSC::Interpreter::getOpcodeID): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::JSGlobalData): - -2011-12-19 Geoffrey Garen - - Try to fix the Qt build. - - Unreviewed. - - * wtf/ThreadSpecific.h: #include! - -2011-12-18 Filip Pizlo - - It should be possible to change the value of an Options variable without recompiling the world - https://bugs.webkit.org/show_bug.cgi?id=74807 - - Reviewed by Gavin Barraclough. - - * runtime/Options.cpp: - (JSC::Options::initializeOptions): - * runtime/Options.h: - -2011-12-19 Sheriff Bot - - Unreviewed, rolling out r103250. - http://trac.webkit.org/changeset/103250 - https://bugs.webkit.org/show_bug.cgi?id=74877 - - it still breaks codegen (Requested by olliej on #webkit). - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGNode.h: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::byValIsPure): - (JSC::DFG::Propagator::clobbersWorld): - (JSC::DFG::Propagator::getByValLoadElimination): - (JSC::DFG::Propagator::checkStructureLoadElimination): - (JSC::DFG::Propagator::getByOffsetLoadElimination): - (JSC::DFG::Propagator::getPropertyStorageLoadElimination): - (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-16 Oliver Hunt - - Rolling r103120 back in with merge errors corrected. - - PutByVal[Alias] unnecessarily reloads the storage buffer - https://bugs.webkit.org/show_bug.cgi?id=74747 - - Reviewed by Gavin Barraclough. - - Make PutByVal use GetIndexedStorage to load the storage buffer. - This required switching PutByVal to a vararg node (which is - responsible for most of the noise in this patch). This fixes the - remaining portion of the kraken regression caused by the GetByVal - storage load elimination, and a 1-5% win on some of the sub tests of - the typed array benchmark at: - http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGNode.h: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::byValIndexIsPure): - (JSC::DFG::Propagator::clobbersWorld): - (JSC::DFG::Propagator::getByValLoadElimination): - (JSC::DFG::Propagator::checkStructureLoadElimination): - (JSC::DFG::Propagator::getByOffsetLoadElimination): - (JSC::DFG::Propagator::getPropertyStorageLoadElimination): - (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-15 Geoffrey Garen - - Placement new does an unnecessary NULL check - https://bugs.webkit.org/show_bug.cgi?id=74676 - - Reviewed by Sam Weinig. - - We can define our own version, which skips the NULL check. - - Not a measurable speedup, but code inspection shows better code generated, - and I believe this is a step toward turning off -fomit-frame-pointer. - - * API/JSCallbackConstructor.h: - (JSC::JSCallbackConstructor::create): - * API/JSCallbackFunction.h: - (JSC::JSCallbackFunction::create): Use the NotNull version of placement - new to skip the NULL check. - - * API/JSCallbackObject.h: Removed a conflicting, unnecessaray placement new. - - (JSC::JSCallbackObject::create): - * debugger/DebuggerActivation.h: - (JSC::DebuggerActivation::create): - * heap/HandleHeap.cpp: - (JSC::HandleHeap::grow): - * heap/HandleHeap.h: - (JSC::HandleHeap::allocate): - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::create): - (JSC::MarkedBlock::recycle): - * jit/JITCode.h: - (JSC::JITCode::clear): - * jsc.cpp: - (GlobalObject::create): - * profiler/CallIdentifier.h: - * runtime/Arguments.h: - (JSC::Arguments::create): - * runtime/ArrayConstructor.h: - (JSC::ArrayConstructor::create): - * runtime/ArrayPrototype.h: - (JSC::ArrayPrototype::create): - * runtime/BooleanConstructor.h: - (JSC::BooleanConstructor::create): - * runtime/BooleanObject.h: - (JSC::BooleanObject::create): - * runtime/BooleanPrototype.h: - (JSC::BooleanPrototype::create): - * runtime/DateConstructor.h: - (JSC::DateConstructor::create): - * runtime/DateInstance.h: - (JSC::DateInstance::create): - * runtime/DatePrototype.h: - (JSC::DatePrototype::create): - * runtime/Error.h: - (JSC::StrictModeTypeErrorFunction::create): - * runtime/ErrorConstructor.h: - (JSC::ErrorConstructor::create): - * runtime/ErrorInstance.h: - (JSC::ErrorInstance::create): - * runtime/ErrorPrototype.h: - (JSC::ErrorPrototype::create): - * runtime/ExceptionHelpers.h: - (JSC::InterruptedExecutionError::create): - (JSC::TerminatedExecutionError::create): - * runtime/Executable.h: - (JSC::NativeExecutable::create): - (JSC::EvalExecutable::create): - (JSC::ProgramExecutable::create): - (JSC::FunctionExecutable::create): - * runtime/FunctionConstructor.h: - (JSC::FunctionConstructor::create): - * runtime/FunctionPrototype.h: - (JSC::FunctionPrototype::create): - * runtime/GetterSetter.h: - (JSC::GetterSetter::create): - * runtime/JSAPIValueWrapper.h: - (JSC::JSAPIValueWrapper::create): - * runtime/JSActivation.h: - (JSC::JSActivation::create): - * runtime/JSArray.h: - (JSC::JSArray::create): - * runtime/JSBoundFunction.cpp: - (JSC::JSBoundFunction::create): - * runtime/JSByteArray.h: - (JSC::JSByteArray::create): Use the NotNull version of placement - new to skip the NULL check. - - * runtime/JSCell.h: Removed a conflicting, unnecessaray placement new. - - * runtime/JSFunction.cpp: - (JSC::JSFunction::create): - * runtime/JSFunction.h: - (JSC::JSFunction::create): - * runtime/JSGlobalObject.h: - (JSC::JSGlobalObject::create): - * runtime/JSGlobalThis.h: - (JSC::JSGlobalThis::create): - * runtime/JSNotAnObject.h: - (JSC::JSNotAnObject::create): - * runtime/JSONObject.h: - (JSC::JSONObject::create): - * runtime/JSObject.h: - (JSC::JSFinalObject::create): - * runtime/JSPropertyNameIterator.cpp: - (JSC::JSPropertyNameIterator::create): - * runtime/JSPropertyNameIterator.h: - (JSC::JSPropertyNameIterator::create): - * runtime/JSStaticScopeObject.h: - (JSC::JSStaticScopeObject::create): - * runtime/JSString.cpp: - (JSC::StringObject::create): - * runtime/JSString.h: - (JSC::RopeBuilder::createNull): - (JSC::RopeBuilder::create): - (JSC::RopeBuilder::createHasOtherOwner): - * runtime/MathObject.h: - (JSC::MathObject::create): - * runtime/NativeErrorConstructor.h: - (JSC::NativeErrorConstructor::create): - * runtime/NativeErrorPrototype.h: - (JSC::NativeErrorPrototype::create): - * runtime/NumberConstructor.h: - (JSC::NumberConstructor::create): - * runtime/NumberObject.h: - (JSC::NumberObject::create): - * runtime/NumberPrototype.h: - (JSC::NumberPrototype::create): - * runtime/ObjectConstructor.h: - (JSC::ObjectConstructor::create): - * runtime/ObjectPrototype.h: - (JSC::ObjectPrototype::create): - * runtime/RegExp.cpp: - (JSC::RegExp::createWithoutCaching): - * runtime/RegExpConstructor.h: - (JSC::RegExpConstructor::create): - * runtime/RegExpMatchesArray.h: - (JSC::RegExpMatchesArray::create): - * runtime/RegExpObject.h: - (JSC::RegExpObject::create): - * runtime/RegExpPrototype.h: - (JSC::RegExpPrototype::create): - * runtime/ScopeChain.h: - (JSC::ScopeChainNode::create): - * runtime/StrictEvalActivation.h: - (JSC::StrictEvalActivation::create): - * runtime/StringConstructor.h: - (JSC::StringConstructor::create): - * runtime/StringObject.h: - (JSC::StringObject::create): - * runtime/StringPrototype.h: - (JSC::StringPrototype::create): - * runtime/Structure.h: - (JSC::Structure::create): - (JSC::Structure::createStructure): - * runtime/StructureChain.h: - (JSC::StructureChain::create): - * testRegExp.cpp: - (GlobalObject::create): - * wtf/BitVector.cpp: - (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement - new to skip the NULL check. - - * wtf/BumpPointerAllocator.h: - (WTF::BumpPointerPool::create): Standardized spacing to make grep easier. - - * wtf/ByteArray.cpp: - (WTF::ByteArray::create): - * wtf/Deque.h: - (WTF::::append): - (WTF::::prepend): Use NotNull, as above. - - * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise - hide the name of the global placement new. - - (WTF::fastNew): Standardized spacing. Most of these functions don't need - NotNull, since they check for NULL, and the optimizer can see that. - - * wtf/HashTable.h: - * wtf/HashTraits.h: - (WTF::SimpleClassHashTraits::constructDeletedValue): - * wtf/MetaAllocator.cpp: - (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above. - - * wtf/StdLibExtras.h: - (throw): This is our NotNull placement new. Declaring that we throw is - the C++ way to say that operator new will not return NULL. - - * wtf/ThreadSpecific.h: - (WTF::T): - * wtf/Vector.h: - (WTF::::append): - (WTF::::tryAppend): - (WTF::::uncheckedAppend): - (WTF::::insert): - * wtf/text/AtomicStringHash.h: - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::createUninitialized): - (WTF::StringImpl::reallocate): - * wtf/text/StringImpl.h: - (WTF::StringImpl::tryCreateUninitialized): - * wtf/text/StringStatics.cpp: - (WTF::AtomicString::init): Use NotNull, as above. - - * yarr/YarrInterpreter.cpp: - (JSC::Yarr::Interpreter::allocDisjunctionContext): - (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext): - (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized - spacing for easy grep. - -2011-12-19 Eric Carlson - - Enable for Mac build - https://bugs.webkit.org/show_bug.cgi?id=74838 - - Reviewed by Darin Adler. - - * wtf/Platform.h: - -2011-12-18 Filip Pizlo - - DFG is too sloppy with register allocation - https://bugs.webkit.org/show_bug.cgi?id=74835 - - Reviewed by Gavin Barraclough. - - Added assertions that at the end of a successfully generated basic block, - all use counts should be zero. This revealed a number of bugs: - - - Array length optimizations were turning a must-generate node into one - that is not must-generate, but failing to change the ref count - accordingly. - - - Indexed property storage optimizations were failing to deref their - children, or to deref the indexed property storage node itself. Also, - they used the Phantom node as a replacement. But the Phantom node is - must-generate, which was causing bizarre issues. So this introduces a - Nop node, which should be used in cases where you want a node that is - skipped and has no children. - - This does not have any significant performance effect, but it should - relieve some register pressure. The main thing this patch adds, though, - are the assertions, which should make it easier to do register allocation - related changes in the future. - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGGenerationInfo.h: - (JSC::DFG::GenerationInfo::initConstant): - (JSC::DFG::GenerationInfo::initInteger): - (JSC::DFG::GenerationInfo::initJSValue): - (JSC::DFG::GenerationInfo::initCell): - (JSC::DFG::GenerationInfo::initBoolean): - (JSC::DFG::GenerationInfo::initDouble): - (JSC::DFG::GenerationInfo::initStorage): - (JSC::DFG::GenerationInfo::use): - * dfg/DFGGraph.h: - (JSC::DFG::Graph::clearAndDerefChild1): - (JSC::DFG::Graph::clearAndDerefChild2): - (JSC::DFG::Graph::clearAndDerefChild3): - * dfg/DFGNode.h: - (JSC::DFG::Node::deref): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::fixupNode): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-18 Benjamin Poulain - - Remove the duplicated code from ASCIICType.h - https://bugs.webkit.org/show_bug.cgi?id=74771 - - Reviewed by Andreas Kling. - - Use isASCIIDigit() and isASCIIAlpha() instead of copying the code. - - * wtf/ASCIICType.h: - (WTF::isASCIIDigit): - (WTF::isASCIIAlphanumeric): - (WTF::isASCIIHexDigit): - -2011-12-18 Anders Carlsson - - Set the main frame view scroll position asynchronously - https://bugs.webkit.org/show_bug.cgi?id=74823 - - Reviewed by Sam Weinig. - - * JavaScriptCore.exp: - -2011-12-10 Andreas Kling - - OpaqueJSClass: Remove RVCT2 workarounds. - - - Reviewed by Benjamin Poulain. - - We no longer need workarounds for the RVCT2 compiler since it was - only used for the Symbian port of WebKit which is now defunct. - - * API/JSClassRef.cpp: - (OpaqueJSClass::OpaqueJSClass): - (OpaqueJSClassContextData::OpaqueJSClassContextData): - -2011-12-16 Benjamin Poulain - - Remove the duplicated code from ASCIICType.h - https://bugs.webkit.org/show_bug.cgi?id=74771 - - Reviewed by Andreas Kling. - - The functions were sharing similar code and were defined for the various input types. - Use templates instead to avoid code duplication. - - * wtf/ASCIICType.h: - (WTF::isASCII): - (WTF::isASCIIAlpha): - (WTF::isASCIIAlphanumeric): - (WTF::isASCIIDigit): - (WTF::isASCIIHexDigit): - (WTF::isASCIILower): - (WTF::isASCIIOctalDigit): - (WTF::isASCIIPrintable): - (WTF::isASCIISpace): - (WTF::isASCIIUpper): - (WTF::toASCIILower): - (WTF::toASCIIUpper): - (WTF::toASCIIHexValue): - (WTF::lowerNibbleToASCIIHexDigit): - (WTF::upperNibbleToASCIIHexDigit): - -2011-12-16 Filip Pizlo - - DFG OSR exit may get confused about where in the scratch buffer it stored a value - https://bugs.webkit.org/show_bug.cgi?id=74695 - - Reviewed by Oliver Hunt. - - The code that reads from the scratch buffer now explicitly knows which locations to - read from. No new tests, since this patch covers a case so uncommon that I don't know - how to make a test for it. - - * dfg/DFGOSRExitCompiler.h: - (JSC::DFG::OSRExitCompiler::badIndex): - (JSC::DFG::OSRExitCompiler::initializePoisoned): - (JSC::DFG::OSRExitCompiler::poisonIndex): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - -2011-12-16 Oliver Hunt - - PutByVal[Alias] unnecessarily reloads the storage buffer - https://bugs.webkit.org/show_bug.cgi?id=74747 - - Reviewed by Gavin Barraclough. - - Make PutByVal use GetIndexedStorage to load the storage buffer. - This required switching PutByVal to a vararg node (which is - responsible for most of the noise in this patch). This fixes the - remaining portion of the kraken regression caused by the GetByVal - storage load elimination, and a 1-5% win on some of the sub tests of - the typed array benchmark at: - http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html - - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGNode.h: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateArithNodeFlags): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::byValIndexIsPure): - (JSC::DFG::Propagator::clobbersWorld): - (JSC::DFG::Propagator::getByValLoadElimination): - (JSC::DFG::Propagator::checkStructureLoadElimination): - (JSC::DFG::Propagator::getByOffsetLoadElimination): - (JSC::DFG::Propagator::getPropertyStorageLoadElimination): - (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-16 Daniel Bates - - Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h - - Rubber-stamped by Antonio Gomes. - - BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't - declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h - instead of BlackBerryPlatformMisc.h. - - * wtf/Assertions.cpp: - -2011-12-16 Mark Hahnenberg - - De-virtualize destructors - https://bugs.webkit.org/show_bug.cgi?id=74331 - - Reviewed by Geoffrey Garen. - - This is a megapatch which frees us from the chains of virtual destructors. - - In order to remove the virtual destructors, which are the last of the virtual - functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to - the cell rather than to the structure because in order to be able to lazily call - the static destroy() functions that will replace the virtual destructors, we - need to be able to access the ClassInfo without the danger of the object's - Structure being collected before the object itself. - - After adding the ClassInfo to the cell, we can then begin to remove our use - of vptrs for optimizations within the JIT and the GC. When we have removed - all of the stored vptrs from JSGlobalData, we can then also remove all of - the related VPtrStealingHack code. - - The replacement for virtual destructors will be to add a static destroy function - pointer to the MethodTable stored in ClassInfo. Any subclass of JSCell that has - a non-trivial destructor will require its own static destroy function to static - call its corresponding destructor, which will now be non-virtual. In future - patches we will slowly move away from destructors altogether as we make more and - more objects backed by GC memory rather than malloc-ed memory. The GC will now - call the static destroy method rather than the virtual destructor. - - As we go through the hierarchy and add static destroy functions to classes, - we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes - to which it applies. The future goal is to eventually have every class have that assert. - - * API/JSCallbackConstructor.cpp: - (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call - ~JSCallbackConstructor because it has some extra destruction logic. - * API/JSCallbackConstructor.h: - * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction. - * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject - because it has a member OwnPtr that needs destruction. - (JSC::::destroy): - * API/JSCallbackObject.h: - * JavaScriptCore.exp: Add/remove necessary symbols for JSC. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols. - * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't - have its own ClassInfo despite the fact that it overrides a number of MethodTable - methods. Added the ClassInfo, along with an assertion that its destructor is trivial. - * debugger/DebuggerActivation.h: - * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray, - isJSString, as it is no longer necessary. - (JSC::DFG::putByVal): - * dfg/DFGRepatch.cpp: Ditto. Also remove uses of jsArrayVPtr in favor of using the - JSArray ClassInfo pointer. - (JSC::DFG::tryCacheGetByID): - * dfg/DFGSpeculativeJIT.cpp: Replace uses of the old vptrs with new ClassInfo - comparisons since we don't have vptrs anymore. - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): - (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compare): - (JSC::DFG::SpeculativeJIT::compileStrictEq): - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT.h: Ditto. - (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): - * dfg/DFGSpeculativeJIT32_64.cpp: Ditto. - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: Ditto. - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with - ClassInfo comparisons. - (JSC::Heap::Heap): - * heap/MarkStack.cpp: Ditto. - (JSC::MarkStackThreadSharedData::markingThreadMain): - (JSC::visitChildren): - (JSC::SlotVisitor::drain): - * heap/MarkStack.h: Ditto. - (JSC::MarkStack::MarkStack): - * heap/MarkedBlock.cpp: Ditto. - (JSC::MarkedBlock::callDestructor): - (JSC::MarkedBlock::specializedSweep): - * heap/MarkedBlock.h: Ditto. - * heap/SlotVisitor.h: Ditto. - (JSC::SlotVisitor::SlotVisitor): - * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them. - We'll have to rename this class and make it use ClassInfo ptrs in a future patch. - (JSC::VTableSpectrum::count): - * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray, - etc. functions. - (JSC::loadVarargs): - (JSC::Interpreter::tryCacheGetByID): - (JSC::Interpreter::privateExecute): - * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject - * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting, - remove all vtable related code. - (JSC::JIT::emitLoadCharacterString): - (JSC::JIT::emitAllocateBasicJSObject): - (JSC::JIT::emitAllocateJSFinalObject): - (JSC::JIT::emitAllocateJSFunction): - * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo. - (JSC::JIT::privateCompileCTIMachineTrampolines): - (JSC::JIT::emit_op_to_primitive): - (JSC::JIT::emit_op_convert_this): - * jit/JITOpcodes32_64.cpp: Ditto. - (JSC::JIT::privateCompileCTIMachineTrampolines): - (JSC::JIT::emit_op_to_primitive): - (JSC::JIT::emitSlow_op_eq): - (JSC::JIT::emitSlow_op_neq): - (JSC::JIT::compileOpStrictEq): - (JSC::JIT::emit_op_convert_this): - * jit/JITPropertyAccess.cpp: Ditto. - (JSC::JIT::stringGetByValStubGenerator): - (JSC::JIT::emit_op_get_by_val): - (JSC::JIT::emitSlow_op_get_by_val): - (JSC::JIT::emit_op_put_by_val): - (JSC::JIT::privateCompilePutByIdTransition): - (JSC::JIT::privateCompilePatchGetArrayLength): - * jit/JITPropertyAccess32_64.cpp: Ditto. - (JSC::JIT::stringGetByValStubGenerator): - (JSC::JIT::emit_op_get_by_val): - (JSC::JIT::emitSlow_op_get_by_val): - (JSC::JIT::emit_op_put_by_val): - (JSC::JIT::privateCompilePatchGetArrayLength): - * jit/JITStubs.cpp: Remove global data argument from isJSString, etc. - (JSC::JITThunks::tryCacheGetByID): - (JSC::DEFINE_STUB_FUNCTION): - * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff. - (JSC::SpecializedThunkJIT::loadJSStringArgument): - * runtime/ArrayConstructor.cpp: Add trivial destructor assert. - * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray. - (JSC::arrayProtoFuncToString): - (JSC::arrayProtoFuncJoin): - (JSC::arrayProtoFuncPop): - (JSC::arrayProtoFuncPush): - (JSC::arrayProtoFuncShift): - (JSC::arrayProtoFuncSplice): - (JSC::arrayProtoFuncUnShift): - (JSC::arrayProtoFuncFilter): - (JSC::arrayProtoFuncMap): - (JSC::arrayProtoFuncEvery): - (JSC::arrayProtoFuncForEach): - (JSC::arrayProtoFuncSome): - (JSC::arrayProtoFuncReduce): - (JSC::arrayProtoFuncReduceRight): - * runtime/BooleanConstructor.cpp: Add trivial destructor assert. - * runtime/BooleanObject.cpp: Ditto. - * runtime/BooleanPrototype.cpp: Ditto. - * runtime/ClassInfo.h: Add destroy function pointer to MethodTable. - * runtime/DateConstructor.cpp: Add trivial destructor assert. - * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr - that needs destruction. - (JSC::DateInstance::destroy): - * runtime/DateInstance.h: - * runtime/Error.cpp: Ditto (because of UString member). - (JSC::StrictModeTypeErrorFunction::destroy): - * runtime/Error.h: - * runtime/ErrorConstructor.cpp: Add trivial destructor assert. - * runtime/ErrorInstance.cpp: Ditto. - * runtime/ExceptionHelpers.cpp: Ditto. - * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses. - (JSC::ExecutableBase::destroy): - (JSC::NativeExecutable::destroy): - (JSC::ScriptExecutable::destroy): - (JSC::EvalExecutable::destroy): - (JSC::ProgramExecutable::destroy): - (JSC::FunctionExecutable::destroy): - * runtime/Executable.h: - * runtime/FunctionConstructor.cpp: Add trivial destructor assert. - * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray. - (JSC::functionProtoFuncApply): - * runtime/GetterSetter.cpp: Ditto. - * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no - longer exists. - (JSC::initializeThreadingOnce): - * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert, - remove first arg from isJSString. - (JSC::InternalFunction::displayName): - * runtime/InternalFunction.h: Remove VPtrStealingHack. - * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert. - * runtime/JSArray.cpp: Add static destroy to call ~JSArray. Replace vptr checks in - destructor with ClassInfo checks. - (JSC::JSArray::~JSArray): - (JSC::JSArray::destroy): - * runtime/JSArray.h: Remove VPtrStealingHack. Remove globalData argument from isJSArray - and change them to check the ClassInfo rather than the vptrs. - (JSC::isJSArray): - * runtime/JSBoundFunction.cpp: Add trival destructor assert. Remove first arg from isJSArray. - (JSC::boundFunctionCall): - (JSC::boundFunctionConstruct): - * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks. - (JSC::JSByteArray::~JSByteArray): - (JSC::JSByteArray::destroy): - * runtime/JSByteArray.h: Remove VPtrStealingHack code. - (JSC::isJSByteArray): - * runtime/JSCell.cpp: Add trivial destructor assert. Add static destroy function. - (JSC::JSCell::destroy): - * runtime/JSCell.h: Remove VPtrStealingHack code. Add function for returning the offset - of the ClassInfo pointer in the object for use by the JIT. Add the ClassInfo pointer to - the JSCell itself, and grab it from the Structure. Remove the vptr and setVPtr functions, - as they are no longer used. Add a validatedClassInfo function to JSCell for any clients - that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the - same one as that contained in the Structure. This isn't used too often, because most of - the places where we compare the ClassInfo to things can be called during destruction. - Since the Structure is unreliable during the phase when destructors are being called, - we can't call validatedClassInfo. - (JSC::JSCell::classInfoOffset): - (JSC::JSCell::structure): - (JSC::JSCell::classInfo): - * runtime/JSFunction.cpp: Remove VPtrStealingHack code. Add static destroy, remove vtableAnchor, - remove first arg from call to isJSString. - (JSC::JSFunction::destroy): - (JSC::JSFunction::displayName): - * runtime/JSFunction.h: - * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs, - as these vptrs are no longer needed in the codebase. - * runtime/JSGlobalData.h: - (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use - ClassInfo rather than the vptr. - * runtime/JSGlobalObject.cpp: Add static destroy function. - (JSC::JSGlobalObject::destroy): - * runtime/JSGlobalObject.h: - * runtime/JSGlobalThis.cpp: Add trivial destructor assert. - * runtime/JSNotAnObject.cpp: Ditto. - * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls. - (JSC::Stringifier::Holder::appendNextProperty): - (JSC::Walker::walk): - * runtime/JSObject.cpp: - (JSC::JSFinalObject::destroy): - (JSC::JSNonFinalObject::destroy): - (JSC::JSObject::destroy): - * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor - from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and - JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code. - (JSC::JSObject::finishCreation): - (JSC::JSNonFinalObject::finishCreation): - (JSC::JSFinalObject::finishCreation): - (JSC::isJSFinalObject): - * runtime/JSPropertyNameIterator.cpp: Add static destroy. - (JSC::JSPropertyNameIterator::destroy): - * runtime/JSPropertyNameIterator.h: - * runtime/JSStaticScopeObject.cpp: Ditto. - (JSC::JSStaticScopeObject::destroy): - * runtime/JSStaticScopeObject.h: Ditto. - * runtime/JSString.cpp: - (JSC::JSString::destroy): - * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code, - since we no longer need to fixup vptrs. - (JSC::jsSingleCharacterString): - (JSC::jsSingleCharacterSubstring): - (JSC::jsNontrivialString): - (JSC::jsString): - (JSC::jsSubstring8): - (JSC::jsSubstring): - (JSC::jsOwnedString): - (JSC::jsStringBuilder): - (JSC::isJSString): - * runtime/JSVariableObject.cpp: - (JSC::JSVariableObject::destroy): - * runtime/JSVariableObject.h: Ditto. - * runtime/JSWrapperObject.cpp: - * runtime/JSWrapperObject.h: Add trivial destructor assert. - * runtime/MathObject.cpp: Ditto. - * runtime/NativeErrorConstructor.cpp: Ditto. - * runtime/NumberConstructor.cpp: Ditto. - * runtime/NumberObject.cpp: Ditto. - * runtime/NumberPrototype.cpp: Ditto. - * runtime/ObjectConstructor.cpp: Ditto. - * runtime/ObjectPrototype.cpp: Ditto. - * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString. - (JSC::jsString): - (JSC::jsLess): - (JSC::jsLessEq): - * runtime/RegExp.cpp: Add static destroy. - (JSC::RegExp::destroy): - * runtime/RegExp.h: - * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray. - (JSC::RegExpConstructor::destroy): - (JSC::RegExpMatchesArray::destroy): - * runtime/RegExpConstructor.h: - * runtime/RegExpMatchesArray.h: - * runtime/RegExpObject.cpp: Add static destroy. - (JSC::RegExpObject::destroy): - * runtime/RegExpObject.h: - * runtime/ScopeChain.cpp: Add trivial destructor assert. - * runtime/ScopeChain.h: - * runtime/StrictEvalActivation.cpp: Ditto. - * runtime/StringConstructor.cpp: - * runtime/StringObject.cpp: Ditto. Remove vtableAnchor. - * runtime/StringObject.h: - * runtime/StringPrototype.cpp: Ditto. - * runtime/Structure.cpp: Add static destroy. - (JSC::Structure::destroy): - * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h - because they need to have the full Structure type to access the ClassInfo to store in the JSCell. - (JSC::JSCell::setStructure): - (JSC::JSCell::validatedClassInfo): - (JSC::JSCell::JSCell): - (JSC::JSCell::finishCreation): - * runtime/StructureChain.cpp: Add static destroy. - (JSC::StructureChain::destroy): - * runtime/StructureChain.h: - * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clangs - ability to tell us when a class has a trivial destructor. We will use this assert - more in future patches as we move toward having all JSC objects backed by GC memory, - which means moving away from using destructors/finalizers. - -2011-12-15 Martin Robinson - - Fix 'make dist' in preparation for the GTK+ release. - - * GNUmakefile.list.am: Add missing header. - -2011-12-15 Sam Weinig - - JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly - - Reviewed by Gavin Barraclough. - - Original patch by Jim Grosbach. - - * jit/JITStubs.cpp: - (JSC::ctiTrampoline): - (JSC::ctiVMThrowTrampoline): - Replace uses of the 'cpy' mnemonic with 'mov'. - -2011-12-15 Filip Pizlo - - Value profiling should distinguished between NaN and non-NaN doubles - https://bugs.webkit.org/show_bug.cgi?id=74682 - - Reviewed by Gavin Barraclough. - - Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union - of the two. - - * bytecode/PredictedType.cpp: - (JSC::predictionToString): - (JSC::predictionFromValue): - * bytecode/PredictedType.h: - (JSC::isDoubleRealPrediction): - (JSC::isDoublePrediction): - -2011-12-15 Anders Carlsson - - Regression (r102866): Navigating away from or closing a page with a plugin crashes - https://bugs.webkit.org/show_bug.cgi?id=74655 - - - Reviewed by Sam Weinig. - - Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes, - using a modified version of the technique described here: - http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699 - - * wtf/Functional.h: - -2011-12-15 Andy Wingo - - Warnings fixes in Interpreter.cpp and PrivateExecute.cpp - https://bugs.webkit.org/show_bug.cgi?id=74624 - - Reviewed by Darin Adler. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::privateExecute): Fix variables unused in - release mode. - * wtf/ParallelJobsGeneric.cpp: - (WTF::ParallelEnvironment::ParallelEnvironment): Fix - signed/unsigned comparison warning, with a cast. - -2011-12-15 Andy Wingo - - Use more macrology in JSC::Options - https://bugs.webkit.org/show_bug.cgi?id=72938 - - Reviewed by Filip Pizlo. - - * runtime/Options.cpp: - (JSC::Options::initializeOptions): - * runtime/Options.h: Use macros to ensure that all heuristics are - declared and have initializers. - -2011-12-15 Anders Carlsson - - Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define - https://bugs.webkit.org/show_bug.cgi?id=74639 - - Reviewed by Andreas Kling. - - Add ENABLE_THREADED_SCROLLING #define. - - * wtf/Platform.h: - -2011-12-15 Anders Carlsson - - EventDispatcher should handle wheel events on the connection queue - https://bugs.webkit.org/show_bug.cgi?id=74627 - - Reviewed by Andreas Kling. - - Add a BoundFunctionImpl specialization that takes three parameters. - - * wtf/Functional.h: - (WTF::C::): - (WTF::R): - (WTF::bind): - -2011-12-14 Anders Carlsson - - Add WTF::Function to wtf/Forward.h - https://bugs.webkit.org/show_bug.cgi?id=74576 - - Reviewed by Adam Roben. - - * jsc.cpp: - Work around a name conflict in the readline library. - - * wtf/Forward.h: - Add Function. - -2011-12-15 Igor Oliveira - - [Qt] Support requestAnimationFrame API - https://bugs.webkit.org/show_bug.cgi?id=74528 - - Let Qt port use REQUEST_ANIMATION_FRAME_TIMER. - - Reviewed by Kenneth Rohde Christiansen. - - * wtf/Platform.h: - -2011-12-15 Andy Wingo - - Minor refactor to Parser::parseTryStatement - https://bugs.webkit.org/show_bug.cgi?id=74507 - - Reviewed by Geoffrey Garen. - - * parser/Parser.cpp (JSC::Parser::parseTryStatement): Use the - Parser's declareVariable instead of going directly to the scope. - This will facilitate future checks related to harmony block - scoping. - -2011-12-15 Andy Wingo - - Rename JSC::Heuristics to JSC::Options - https://bugs.webkit.org/show_bug.cgi?id=72889 - - Reviewed by Filip Pizlo. - - * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp. - * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::shouldOptimizeNow): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::likelyToTakeSlowCase): - (JSC::CodeBlock::couldTakeSlowCase): - (JSC::CodeBlock::likelyToTakeSpecialFastCase): - (JSC::CodeBlock::likelyToTakeDeepestSlowCase): - (JSC::CodeBlock::likelyToTakeAnySlowCase): - (JSC::CodeBlock::reoptimizationRetryCounter): - (JSC::CodeBlock::countReoptimization): - (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp): - (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp): - (JSC::CodeBlock::optimizeNextInvocation): - (JSC::CodeBlock::dontOptimizeAnytimeSoon): - (JSC::CodeBlock::optimizeSoon): - (JSC::CodeBlock::largeFailCountThreshold): - (JSC::CodeBlock::largeFailCountThresholdForLoop): - (JSC::CodeBlock::shouldReoptimizeNow): - (JSC::CodeBlock::shouldReoptimizeFromLoopNow): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleInlining): - * dfg/DFGCapabilities.h: - (JSC::DFG::mightCompileEval): - (JSC::DFG::mightCompileProgram): - (JSC::DFG::mightCompileFunctionForCall): - (JSC::DFG::mightCompileFunctionForConstruct): - (JSC::DFG::mightInlineFunctionForCall): - (JSC::DFG::mightInlineFunctionForConstruct): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote): - * heap/MarkStack.cpp: - (JSC::MarkStackSegmentAllocator::allocate): - (JSC::MarkStackSegmentAllocator::shrinkReserve): - (JSC::MarkStackArray::MarkStackArray): - (JSC::MarkStackArray::donateSomeCellsTo): - (JSC::MarkStackArray::stealSomeCellsFrom): - (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData): - (JSC::SlotVisitor::donateSlow): - (JSC::SlotVisitor::drain): - (JSC::SlotVisitor::drainFromShared): - * heap/MarkStack.h: - (JSC::MarkStack::mergeOpaqueRootsIfProfitable): - (JSC::MarkStack::addOpaqueRoot): - (JSC::MarkStackArray::canDonateSomeCells): - * heap/SlotVisitor.h: - (JSC::SlotVisitor::donate): - * jit/JIT.cpp: - (JSC::JIT::emitOptimizationCheck): - * runtime/InitializeThreading.cpp: - (JSC::initializeThreadingOnce): Adapt callers and build systems. - - * testRegExp.cpp: - (CommandLine::CommandLine): - * jsc.cpp: - (CommandLine::CommandLine): - Rename from Options, to avoid name conflict. - -2011-12-14 Sam Weinig - - Revert unintentional change to JavaScriptCore.def - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - -2011-12-14 Sam Weinig - - Remove whitespace from InheritedPropertySheets attributes in - vsprops files to appease the Visual Studio project migrator. - - Reviewed by Adam Roben. - - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: - * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: - * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: - * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: - * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: - * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: - * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: - * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: - * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: - * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: - * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: - * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: - * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: - * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: - * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: - * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: - * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: - * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: - * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: - * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: - -2011-12-14 Anders Carlsson - - binding a member function should ref/deref the object pointer if needed - https://bugs.webkit.org/show_bug.cgi?id=74552 - - Reviewed by Sam Weinig. - - Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref - member functions which the right type. Use this to determine if we should ref/deref the first parameter. - - * wtf/Functional.h: - (WTF::R): - (WTF::C::): - (WTF::RefAndDeref::ref): - (WTF::RefAndDeref::deref): - -2011-12-14 Hajime Morrita - - JS_INLINE and WTF_INLINE should be visible from WebCore - https://bugs.webkit.org/show_bug.cgi?id=73191 - - - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h. - - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h. - - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA. - - Reviewed by Kevin Ollivier. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * config.h: - * runtime/JSExportMacros.h: Added. - * wtf/ExportMacros.h: - * wtf/Platform.h: - * wtf/WTFThreadData.h: - * wtf/text/AtomicString.h: - * wtf/text/StringStatics.cpp: - -2011-12-14 Anders Carlsson - - Work around a bug in the MSVC2005 compiler - https://bugs.webkit.org/show_bug.cgi?id=74550 - - Reviewed by Sam Weinig. - - Add template parameters for the return types of the partial specializations of BoundFunctionImpl. - - * wtf/Functional.h: - (WTF::R): - -2011-12-13 Jon Lee - - Enable notifications on Mac. - - Reviewed by Sam Weinig. - - * Configurations/FeatureDefines.xcconfig: - -2011-12-14 David Kilzer - - Remove definition of old ENABLE(YARR) macro - - - Reviewed by Darin Adler. - - * wtf/Platform.h: Removed ENABLE_YARR macros. - -2011-12-14 Anders Carlsson - - bind should handle member functions - https://bugs.webkit.org/show_bug.cgi?id=74529 - - Reviewed by Sam Weinig. - - Add FunctionWrapper partial specializations for member function pointers. - - * wtf/Functional.h: - (WTF::C::): - -2011-12-14 Gavin Barraclough - - DFG relies on returning a struct in registers - https://bugs.webkit.org/show_bug.cgi?id=74527 - - Reviewed by Geoff Garen. - - This will not work on all platforms. Returning a uint64_t will more reliably achieve - what we want, on 32-bit platforms (on 64-bit, stick with the struct return). - - * dfg/DFGOperations.cpp: - * dfg/DFGOperations.h: - (JSC::DFG::DFGHandler::dfgHandlerEncoded): - -2011-12-14 Anders Carlsson - - Add unary and binary bind overloads - https://bugs.webkit.org/show_bug.cgi?id=74524 - - Reviewed by Sam Weinig. - - * wtf/Functional.h: - (WTF::R): - (WTF::FunctionWrapper::ResultType): - (WTF::bind): - -2011-12-14 Anders Carlsson - - Add back the callOnMainThread overload that takes a WTF::Function - https://bugs.webkit.org/show_bug.cgi?id=74512 - - Reviewed by Darin Adler. - - Add back the overload; the changes to WebCore should hopefully keep Windows building. - - * wtf/MainThread.cpp: - (WTF::callFunctionObject): - (WTF::callOnMainThread): - * wtf/MainThread.h: - -2011-12-13 Filip Pizlo - - DFG should infer when local variables are doubles - https://bugs.webkit.org/show_bug.cgi?id=74480 - - Reviewed by Oliver Hunt. - - Introduced the notion that a local variable (though not an argument, yet!) can - be stored as a double, and will be guaranteed to always contain a double. This - requires more magic in the OSR (conversion in both entry and exit). The inference - is quite unorthodox: all uses of a variable vote on whether they think it should - be a double or a JSValue, based on how they use it. If they use it in an integer - or boxed value context, they vote JSValue. If they use it in a double context, - they vote double. This voting is interleaved in the propagator's fixpoint, so - that variables voted double then have a double prediction propagated from them. - This interleaving is needed because a variable that actually always contains an - integer that always gets used in arithmetic that involves doubles may end up - being voted double, which then means that all uses of the variable will see a - double rather than an integer. - - This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7% - to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to - Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial. - It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken. Similar - results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall - win on SunSpider. - - * bytecode/ValueRecovery.h: - (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble): - (JSC::ValueRecovery::dump): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::boxDouble): - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): - * dfg/DFGJITCompiler.h: - (JSC::DFG::JITCompiler::noticeOSREntry): - * dfg/DFGOSREntry.cpp: - (JSC::DFG::prepareOSREntry): - * dfg/DFGOSREntry.h: - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::vote): - (JSC::DFG::Propagator::doRoundOfDoubleVoting): - (JSC::DFG::Propagator::propagatePredictions): - (JSC::DFG::Propagator::fixupNode): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::ValueSource::dump): - (JSC::DFG::SpeculativeJIT::compile): - (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGVariableAccessData.h: - (JSC::DFG::VariableAccessData::VariableAccessData): - (JSC::DFG::VariableAccessData::clearVotes): - (JSC::DFG::VariableAccessData::vote): - (JSC::DFG::VariableAccessData::doubleVoteRatio): - (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote): - (JSC::DFG::VariableAccessData::shouldUseDoubleFormat): - (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat): - * runtime/Arguments.cpp: - (JSC::Arguments::tearOff): - * runtime/Heuristics.cpp: - (JSC::Heuristics::initializeHeuristics): - * runtime/Heuristics.h: - -2011-12-13 Anders Carlsson - - Try to fix the Windows build. - - Remove the callOnMainThread overload that takes a WTF::Function since it's not being used. - - * wtf/MainThread.cpp: - * wtf/MainThread.h: - -2011-12-13 Anders Carlsson - - Add a very bare-bones implementation of bind and Function to WTF - https://bugs.webkit.org/show_bug.cgi?id=74462 - - Reviewed by Sam Weinig. - - In order to make it easier to package up function calls and send them across - threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new - wtf/Functional.h header. - - Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied, - but I'll add more as the need arises. - - * GNUmakefile.list.am: - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/Functional.h: Added. - (WTF::R): - (WTF::FunctionImplBase::~FunctionImplBase): - (WTF::FunctionWrapper::ResultType): - (WTF::FunctionBase::isNull): - (WTF::FunctionBase::FunctionBase): - (WTF::FunctionBase::impl): - (WTF::bind): - * wtf/MainThread.cpp: - (WTF::callFunctionObject): - (WTF::callOnMainThread): - * wtf/MainThread.h: - * wtf/wtf.pro: - -2011-12-13 Geoffrey Garen - - GC Crash introduced in r102545 - - Reviewed by Gavin Barraclough. - - MarkedArgumentBuffer was still marking items in forwards order, even though - the argument order has been reversed. - - I fixed this bug, and replaced address calculation code with some helper - functions -- mallocBase() and slotFor() -- so it stays fixed everywhere. - - * runtime/ArgList.cpp: - (JSC::MarkedArgumentBuffer::markLists): - (JSC::MarkedArgumentBuffer::slowAppend): - * runtime/ArgList.h: - (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer): - (JSC::MarkedArgumentBuffer::at): - (JSC::MarkedArgumentBuffer::append): - (JSC::MarkedArgumentBuffer::last): - (JSC::MarkedArgumentBuffer::slotFor): - (JSC::MarkedArgumentBuffer::mallocBase): - -2011-12-13 Filip Pizlo - - DFG OSR exit for UInt32ToNumber should roll forward, not roll backward - https://bugs.webkit.org/show_bug.cgi?id=74463 - - Reviewed by Gavin Barraclough. - - Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing - how to execute the slow path of UInt32ToNumber. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::lastOSRExit): - * bytecode/CodeOrigin.h: - (JSC::CodeOrigin::operator!=): - * bytecode/ValueRecovery.h: - (JSC::ValueRecovery::uint32InGPR): - (JSC::ValueRecovery::gpr): - (JSC::ValueRecovery::dump): - * dfg/DFGAssemblyHelpers.cpp: - * dfg/DFGAssemblyHelpers.h: - * dfg/DFGOSRExit.h: - (JSC::DFG::OSRExit::valueRecoveryForOperand): - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber): - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber): - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-13 Oliver Hunt - - Arguments object doesn't handle mutation of length property correctly - https://bugs.webkit.org/show_bug.cgi?id=74454 - - Reviewed by Gavin Barraclough. - - Correct handling of arguments objects with overridden length property - - * interpreter/Interpreter.cpp: - (JSC::loadVarargs): - * runtime/Arguments.cpp: - (JSC::Arguments::copyToArguments): - (JSC::Arguments::fillArgList): - -2011-12-13 Filip Pizlo - - DFG GetByVal CSE rule should match PutByValAlias - https://bugs.webkit.org/show_bug.cgi?id=74390 - - Reviewed by Geoff Garen. - - Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider. - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::getByValLoadElimination): - -2011-12-13 Andy Wingo - - Fix interpreter debug build. - https://bugs.webkit.org/show_bug.cgi?id=74439 - - Reviewed by Geoffrey Garen. - - * bytecode/ValueRecovery.h: Include stdio.h on debug builds. - -2011-12-13 Filip Pizlo - - DFG should know exactly why recompilation was triggered - https://bugs.webkit.org/show_bug.cgi?id=74362 - - Reviewed by Oliver Hunt. - - Each OSR exit is now individually counted, as well as counting the total number - of OSR exits that occurred in a code block. If recompilation is triggered, we - check to see if there are OSR exit sites that make up a sufficiently large - portion of the total OSR exits that occurred. For any such OSR exit sites, we - add a description of the site (bytecode index, kind) to a data structure in the - corresponding baseline CodeBlock. Then, when we recompile the code, we immediately - know which speculations would be unwise based on the fact that previous such - speculations proved to be fruitless. - - This means 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue, - and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less - than 0.5%. - - * CMakeLists.txt: - * GNUmakefile.list.am: - * JavaScriptCore.xcodeproj/project.pbxproj: - * Target.pri: - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::tallyFrequentExitSites): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::addFrequentExitSite): - (JSC::CodeBlock::exitProfile): - (JSC::CodeBlock::reoptimize): - (JSC::CodeBlock::tallyFrequentExitSites): - * bytecode/DFGExitProfile.cpp: Added. - (JSC::DFG::ExitProfile::ExitProfile): - (JSC::DFG::ExitProfile::~ExitProfile): - (JSC::DFG::ExitProfile::add): - (JSC::DFG::QueryableExitProfile::QueryableExitProfile): - (JSC::DFG::QueryableExitProfile::~QueryableExitProfile): - * bytecode/DFGExitProfile.h: Added. - (JSC::DFG::exitKindToString): - (JSC::DFG::exitKindIsCountable): - (JSC::DFG::FrequentExitSite::FrequentExitSite): - (JSC::DFG::FrequentExitSite::operator!): - (JSC::DFG::FrequentExitSite::operator==): - (JSC::DFG::FrequentExitSite::hash): - (JSC::DFG::FrequentExitSite::bytecodeOffset): - (JSC::DFG::FrequentExitSite::kind): - (JSC::DFG::FrequentExitSite::isHashTableDeletedValue): - (JSC::DFG::FrequentExitSiteHash::hash): - (JSC::DFG::FrequentExitSiteHash::equal): - (JSC::DFG::QueryableExitProfile::hasExitSite): - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock): - (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): - * dfg/DFGOSRExit.cpp: - (JSC::DFG::OSRExit::OSRExit): - (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow): - * dfg/DFGOSRExit.h: - (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite): - * dfg/DFGOSRExitCompiler.cpp: - * dfg/DFGOSRExitCompiler32_64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGOSRExitCompiler64.cpp: - (JSC::DFG::OSRExitCompiler::compileExit): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): - (JSC::DFG::SpeculativeJIT::compileGetByValOnString): - (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray): - (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject): - (JSC::DFG::SpeculativeJIT::compileSoftModulo): - (JSC::DFG::SpeculativeJIT::compileArithMul): - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::speculationCheck): - (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution): - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): - (JSC::DFG::SpeculativeJIT::fillSpeculateCell): - (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): - (JSC::DFG::SpeculativeJIT::compileObjectEquality): - (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): - (JSC::DFG::SpeculativeJIT::emitBranch): - (JSC::DFG::SpeculativeJIT::compile): - * runtime/Heuristics.cpp: - (JSC::Heuristics::initializeHeuristics): - * runtime/Heuristics.h: - -2011-12-13 Michael Saboff - - Cleanup of StringImpl::equal in r102631 post commit - https://bugs.webkit.org/show_bug.cgi?id=74421 - - Reviewed by Darin Adler. - - * wtf/text/AtomicString.h: - (WTF::operator==): Removed cast no longer needed. - * wtf/text/StringImpl.h: - (WTF::equal): Changed template to several overloaded methods. - -2011-12-12 Michael Saboff - - Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h - https://bugs.webkit.org/show_bug.cgi?id=73622 - - Reviewed by Oliver Hunt. - - Moved equal(charType1 *, charType2, unsigned) template methods - from static StringImpl.cpp to StringImpl.h and then replaced the - processor specific character comparison code in StringHash::equal - with calls to these methods. - - This change is worth 3% on SunSpider string-unpack-code as reported - by the SunSpider command line harness. No other tests appear to - have measurable performance changes. - - * wtf/text/AtomicString.h: - (WTF::operator==): - * wtf/text/StringHash.h: - (WTF::StringHash::equal): - * wtf/text/StringImpl.cpp: - * wtf/text/StringImpl.h: - (WTF::LChar): - (WTF::UChar): - (WTF::equal): - -2011-12-12 Filip Pizlo - - ARMv7 version of DFG soft modulo does register allocation inside of control flow - https://bugs.webkit.org/show_bug.cgi?id=74354 - - Reviewed by Gavin Barraclough. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileSoftModulo): - -2011-12-12 Andy Wingo - - Simplify autotools configure.ac - https://bugs.webkit.org/show_bug.cgi?id=74312 - - Reviewed by Martin Robinson. - - * GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags. - -2011-12-12 Filip Pizlo - - DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber - https://bugs.webkit.org/show_bug.cgi?id=74329 - - Reviewed by Gavin Barraclough. - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::getByValLoadElimination): - -2011-12-09 Alexander Pavlov - - WebKit does not enumerate over CSS properties in HTMLElement.style - https://bugs.webkit.org/show_bug.cgi?id=23946 - - Reviewed by Darin Adler. - - Add a few exports to follow the JSCSSStyleDeclaration.cpp changes, - introduce an std::sort() comparator function. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/text/WTFString.h: - (WTF::codePointCompareLessThan): Used by std::sort() to sort properties. - -2011-12-12 Alexander Pavlov - - Unreviewed, build fix. - - Revert r102570 which broke SnowLeopard builders. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/text/WTFString.h: - -2011-12-09 Alexander Pavlov - - WebKit does not enumerate over CSS properties in HTMLElement.style - https://bugs.webkit.org/show_bug.cgi?id=23946 - - Reviewed by Darin Adler. - - Add a few exports to follow the JSCSSStyleDeclaration.cpp changes, - introduce an std::sort() comparator function. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * wtf/text/WTFString.h: - (WTF::codePointCompareLessThan): Used by std::sort() to sort properties. - -2011-12-12 Carlos Garcia Campos - - Unreviewed. Fix make distcheck issues. - - * GNUmakefile.list.am: - -2011-12-11 Sam Weinig - - Fix another signed vs. unsigned warning - - * runtime/ArgList.h: - (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer): - -2011-12-11 Sam Weinig - - Fix a signed vs. unsigned warning. - - * runtime/ArgList.cpp: - (JSC::MarkedArgumentBuffer::slowAppend): - Cast inlineCapacity to an int to appease the warning. This is known OK - since inlineCapacity is defined to be 8. - -2011-12-11 Geoffrey Garen - - Rolled out *another* debugging change I committed accidentally. - - Unreviewed. - - * Configurations/Base.xcconfig: - -2011-12-11 Geoffrey Garen - - Rolled out a debug counter I committed accidentally. - - Unreviewed. - - * jit/JITStubs.cpp: - (JSC::arityCheckFor): - -2011-12-10 Geoffrey Garen - - v8 benchmark takes 12-13 million function call slow paths due to extra arguments - https://bugs.webkit.org/show_bug.cgi?id=74244 - - Reviewed by Filip Pizlo. - - .arguments function of order the Reversed - - 10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken - and SunSpider. - - * bytecode/CodeBlock.h: - (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface - to this function is an argument number. - - * bytecompiler/BytecodeGenerator.cpp: - (JSC::BytecodeGenerator::BytecodeGenerator): - (JSC::BytecodeGenerator::emitCall): - (JSC::BytecodeGenerator::emitConstruct): - (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame - helper functions for computing offsets for arguments, rather than doing - the math by hand. - - Switched to iterating argument offsets backwards (--) instead of forwards (++). - - * bytecompiler/BytecodeGenerator.h: - (JSC::CallArguments::thisRegister): - (JSC::CallArguments::argumentRegister): - (JSC::CallArguments::registerOffset): Updated for arguments being reversed. - - * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order. - - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::getArgument): - (JSC::DFG::ByteCodeParser::setArgument): - (JSC::DFG::ByteCodeParser::flush): - (JSC::DFG::ByteCodeParser::addCall): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleInlining): - (JSC::DFG::ByteCodeParser::handleMinMax): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - (JSC::DFG::ByteCodeParser::parseBlock): - (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices - that just-in-time convert to bytecode operands (i.e., indexes in the register - file) through helper functions. This means only one piece of code needs - to know how arguments are laid out in the register file. - - * dfg/DFGGraph.cpp: - (JSC::DFG::Graph::dump): Ditto. - - * dfg/DFGGraph.h: - (JSC::DFG::Graph::valueProfileFor): Ditto. - - * dfg/DFGJITCompiler.cpp: - (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch: - Treat too many arguments as an arity match. - - * dfg/DFGOSRExit.h: - (JSC::DFG::OSRExit::variableForIndex): - (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above. - - * dfg/DFGOperands.h: - (JSC::DFG::operandToArgument): - (JSC::DFG::argumentToOperand): These are now the only two lines of code in - the DFG compiler that know how arguments are laid out in memory. - - (JSC::DFG::Operands::operand): - (JSC::DFG::Operands::setOperand): Use helper functions, as above. - - * dfg/DFGOperations.cpp: The whole point of this patch: - Treat too many arguments as an arity match. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above. - - Also, don't tag the caller frame slot as a cell, because it's not a cell. - - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above. - - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed - argument virtual register instead of recomputing by hand. - - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::callFrameSlot): - (JSC::DFG::SpeculativeJIT::argumentSlot): - (JSC::DFG::SpeculativeJIT::callFrameTagSlot): - (JSC::DFG::SpeculativeJIT::callFramePayloadSlot): - (JSC::DFG::SpeculativeJIT::argumentTagSlot): - (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper - functions for dealing with callee arguments specifically. These still - build on top of our other helper functions, and have no direct knowledge - of how arguments are laid out in the register file. - - (JSC::DFG::SpeculativeJIT::resetCallArguments): - (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to - argumentOffset to match CallFrame naming. - - (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper - functions, as above. - - * interpreter/CallFrame.h: - (JSC::ExecState::argumentOffset): - (JSC::ExecState::argumentOffsetIncludingThis): - (JSC::ExecState::argument): - (JSC::ExecState::setArgument): - (JSC::ExecState::thisArgumentOffset): - (JSC::ExecState::thisValue): - (JSC::ExecState::setThisValue): - (JSC::ExecState::offsetFor): - (JSC::ExecState::hostThisRegister): - (JSC::ExecState::hostThisValue): Added a bunch of helper functions for - computing where an argument is in the register file. Anything in the - runtime that needs to access arguments should use these helpers. - - * interpreter/CallFrameClosure.h: - (JSC::CallFrameClosure::setThis): - (JSC::CallFrameClosure::setArgument): - (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now - that too many arguments counts as an arity match and doesn't require - preserving two copies of our arguments. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something - special if the caller provided too few arguments. - - Key simplification: We never need to maintain two copies of our arguments - anymore. - - (JSC::eval): - (JSC::loadVarargs): Use helper functions. - - (JSC::Interpreter::unwindCallFrame): Updated for new interface. - - (JSC::Interpreter::execute): - (JSC::Interpreter::executeCall): - (JSC::Interpreter::executeConstruct): - (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper - functions. - - (JSC::Interpreter::privateExecute): No need to check for stack overflow - when calling host functions because they have zero callee registers. - - (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments - object, since there's no special constructor for this anymore. - - * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some - workers tests were hitting stack overflow in some of my testing. We should - make this test more exact in future. - - * interpreter/RegisterFile.h: Death to all runtime knowledge of argument - location that does not belong to the CallFrame class! - - * jit/JIT.cpp: - (JSC::JIT::privateCompile): I am a broken record and I use helper functions. - - Also, the whole point of this patch: Treat too many arguments as an arity match. - - * jit/JITCall32_64.cpp: - (JSC::JIT::compileLoadVarargs): - * jit/JITCall.cpp: - (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use - helper functions, for backwards-correctness. Removed the condition - pertaining to declared argument count because, now that arguments are - always in just one place, this optimization is valid for all functions. - Standardized the if predicate for each line of the optimization. This might - fix a bug, but I couldn't get the bug to crash in practice. - - * jit/JITOpcodes32_64.cpp: - (JSC::JIT::emit_op_create_arguments): - (JSC::JIT::emit_op_get_argument_by_val): - (JSC::JIT::emitSlow_op_get_argument_by_val): - * jit/JITOpcodes.cpp: - (JSC::JIT::emit_op_create_arguments): - (JSC::JIT::emit_op_get_argument_by_val): - (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params - optimization because it's no longer an optimization, now that arguments - are always contiguous in a known location. - - Updated argument access opcode math for backwards-correctness. - - * jit/JITStubs.cpp: - (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This - function is slightly different because it copies the call frame in - addition to the arguments. (In the Interpreter, the call frame is not - set up by this point.) - - (JSC::lazyLinkFor): The whole point of this patch: Treat too many - arguments as an arity match. - - (JSC::DEFINE_STUB_FUNCTION): Updated for new iterface to tearOff(). - - * jit/JITStubs.h: - * jit/SpecializedThunkJIT.h: - (JSC::SpecializedThunkJIT::loadDoubleArgument): - (JSC::SpecializedThunkJIT::loadCellArgument): - (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They - build strong bones and teeth! - - * runtime/ArgList.cpp: - (JSC::ArgList::getSlice): - (JSC::MarkedArgumentBuffer::slowAppend): - * runtime/ArgList.h: - (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer): - (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer): - (JSC::MarkedArgumentBuffer::at): - (JSC::MarkedArgumentBuffer::clear): - (JSC::MarkedArgumentBuffer::append): - (JSC::MarkedArgumentBuffer::removeLast): - (JSC::MarkedArgumentBuffer::last): - (JSC::ArgList::ArgList): - (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't - play nice with backwards-ness, so I changed to using manual allocation. - - Fixed a FIXME about not all values being marked in the case of out-of-line - arguments. I had to rewrite the loop anyway, and I didn't feel like - maintaining fidelity to its old bugs. - - * runtime/Arguments.cpp: - (JSC::Arguments::visitChildren): - (JSC::Arguments::copyToArguments): - (JSC::Arguments::fillArgList): - (JSC::Arguments::getOwnPropertySlotByIndex): - (JSC::Arguments::getOwnPropertySlot): - (JSC::Arguments::getOwnPropertyDescriptor): - (JSC::Arguments::putByIndex): - (JSC::Arguments::put): - (JSC::Arguments::tearOff): - * runtime/Arguments.h: - (JSC::Arguments::create): - (JSC::Arguments::Arguments): - (JSC::Arguments::argument): - (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted - lots of tricky code designed to maintain two different copies of function - arguments. Now that arguments are always contiguous in one place in memory, - this complexity can go away. - - Reduced down to one create function for the Arguments class, from three. - - Moved tearOff() into an out-of-line function because it's huge. - - Moved logic about whether to tear off eagerly into the Arguments class, - so we didn't have to duplicate it elsewhere. - - * runtime/JSActivation.cpp: - (JSC::JSActivation::JSActivation): - (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to - m_numCapturedArgs because if the value really were m_numParametersMinusThis - we would be marking too much. (We shouldn't mark 'this' because it can't - be captured.) Also, use helper functions. - - * runtime/JSActivation.h: - (JSC::JSActivation::tearOff): Use helper functions. - - * runtime/JSArray.cpp: - (JSC::JSArray::copyToArguments): - * runtime/JSArray.h: Use helper functions, as above. - -2011-12-10 Mark Hahnenberg - - JSC testapi is crashing on Windows - https://bugs.webkit.org/show_bug.cgi?id=74233 - - Reviewed by Sam Weinig. - - Same error we've encountered before where we are calling the wrong version of - visitChildren and objects that are still reachable aren't getting marked. - This problem will go away soon with the removal of vptrs for these sorts of - optimizations in favor of using the ClassInfo, but for now we can simply give - JSFinalObject a bogus virtual method that Visual Studio can't optimize away to - ensure that JSFinalObject will always have a unique vptr. We don't have to worry - about JSString or JSArray right now, which are the other two special cases for - visitChildren, since they already have their own virtual functions. - - * JavaScriptCore.exp: - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - * runtime/JSObject.cpp: - (JSC::JSFinalObject::vtableAnchor): - * runtime/JSObject.h: - -2011-12-10 Alexis Menard - - Unused variable in YarrJIT.cpp. - https://bugs.webkit.org/show_bug.cgi?id=74237 - - Reviewed by Andreas Kling. - - Variable is set but not used so we can remove it. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - -2011-12-09 Filip Pizlo - - DFG ArithMul power-of-two case does not check for overflow - https://bugs.webkit.org/show_bug.cgi?id=74230 - - Reviewed by Gavin Barraclough. - - Disabled power-of-2 peephole optimization for multiplication, because it was wrong, - and any attempt to fix it would likely introduce code bloat and register pressure. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileArithMul): - -2011-12-09 David Levin - - REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock - https://bugs.webkit.org/show_bug.cgi?id=73886 - - Reviewed by Darin Adler. - - * runtime/SymbolTable.h: - (JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier for - another JavaScriptObject, since JavaScriptCore objects allow use on multiple threads. - Bug 58091 is about changing these deprecated calls to something else but that something - else will still need to be in all of these places. - -2011-12-09 Konrad Piascik - - Remove unnecessary file DissasemblerARM.cpp from build system - https://bugs.webkit.org/show_bug.cgi?id=74184 - - Reviewed by Daniel Bates. - - * PlatformBlackBerry.cmake: - -2011-12-09 Filip Pizlo - - DFG's interpretation of rare case profiles should be frequency-based not count-based - https://bugs.webkit.org/show_bug.cgi?id=74170 - - Reviewed by Geoff Garen. - - DFG optimizes for rare cases only when the rare case counter is above some threshold - and it also constitutes a large enough fraction of total function executions. Also - added some minor debug logic. - - * bytecode/CodeBlock.cpp: - (JSC::CodeBlock::CodeBlock): - * bytecode/CodeBlock.h: - (JSC::CodeBlock::likelyToTakeSlowCase): - (JSC::CodeBlock::couldTakeSlowCase): - (JSC::CodeBlock::likelyToTakeSpecialFastCase): - (JSC::CodeBlock::likelyToTakeDeepestSlowCase): - (JSC::CodeBlock::likelyToTakeAnySlowCase): - (JSC::CodeBlock::executionEntryCount): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::makeSafe): - (JSC::DFG::ByteCodeParser::makeDivSafe): - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGDriver.cpp: - (JSC::DFG::compile): - * jit/JIT.cpp: - (JSC::JIT::privateCompile): - * runtime/Heuristics.cpp: - (JSC::Heuristics::initializeHeuristics): - * runtime/Heuristics.h: - -2011-12-09 Oliver Hunt - - PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage - https://bugs.webkit.org/show_bug.cgi?id=74223 - - Reviewed by Geoffrey Garen. - - Don't clobber GetIndexedPropertyStorage when we see PutByValAlias - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): - -2011-12-09 David Levin - - Hash* iterators should allow comparison between const and const versions. - https://bugs.webkit.org/show_bug.cgi?id=73370 - - Reviewed by Darin Adler. - - * wtf/HashTable.h: Add the operators needed to do this. - (WTF::HashTableConstIterator::operator==): - (WTF::HashTableConstIterator::operator!=): - (WTF::HashTableIterator::operator==): - (WTF::HashTableIterator::operator!=): - (WTF::operator==): - (WTF::operator!=): - -2011-12-09 Michael Saboff - - YARR: Multi-character read optimization for 8bit strings - https://bugs.webkit.org/show_bug.cgi?id=74191 - - Reviewed by Oliver Hunt. - - Changed generatePatternCharacterOnce to generate - code for 1 to 4 characters in the 8 bit case. - This is worth 29% improvement on SunSpider regexp-dna test. - It provides no benefit to v8-regexp. - - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - (JSC::Yarr::YarrGenerator::generate): Spelling fix in comment. - -2011-12-09 David Levin - - Regression(r53595): Sync xhr requests in workers aren't terminated on worker close. - https://bugs.webkit.org/show_bug.cgi?id=71695 - - Reviewed by Zoltan Herczeg. - - * wtf/MessageQueue.h: - (WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get messages - even after the queue has been killed. This is useful when one wants to - kill a queue but then go through it to run clean up tasks from it. - -2011-12-09 Adrienne Walker - - Fix HashMap<..., OwnPtr<...> >::add compilation errors - https://bugs.webkit.org/show_bug.cgi?id=74159 - - Reviewed by Darin Adler. - - Add a constructor to OwnPtr that takes the empty value (nullptr_t) - from HashTraits so that this function can compile. - - * wtf/OwnPtr.h: - (WTF::OwnPtr::OwnPtr): - -2011-12-09 Oliver Hunt - - Avoid reloading storage pointer for indexed properties unnecessarily - https://bugs.webkit.org/show_bug.cgi?id=74136 - - Reviewed by Filip Pizlo. - - Add a node to represent loading property storage for indexed properties. - This allows us to reduce code generated for sequential access of arrays, - strings, etc. This results in up to 5% improvement in code that is - very heavy on indexed reads, such as matrix operations in typed arrays - and 20% faster on microbenchmarks. - - Currently this is only supported by GetByVal and other similar indexed reads. - - * bytecode/PredictedType.h: - (JSC::isFixedIndexedStorageObjectPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleIntrinsic): - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGNode.h: - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt): - (JSC::DFG::SpeculativeJIT::compileGetByValOnString): - (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-08 Fady Samuel - - [Chromium] Enable viewport metatag - https://bugs.webkit.org/show_bug.cgi?id=73495 - - Reviewed by Darin Fisher. - - * wtf/Platform.h: Added ENABLE(VIEWPORT) tag. - -2011-12-08 Adam Klein - - Use HashMap> in ChildListMutationScope - https://bugs.webkit.org/show_bug.cgi?id=73964 - - Reviewed by Darin Adler. - - * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on a HashMap of OwnPtrs. - -2011-12-08 Thouraya ANDOLSI - - https://bugs.webkit.org/show_bug.cgi?id=74005 - fix unaligned access memory in generatePatternCharacterOnce function - for SH4 platforms. - - Reviewed by Gavin Barraclough. - - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::load16Unaligned): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::load16Unaligned): - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::load16Unaligned): - * assembler/MacroAssemblerSH4.h: - (JSC::MacroAssemblerSH4::lshift32): - (JSC::MacroAssemblerSH4::load8): - (JSC::MacroAssemblerSH4::load16): - (JSC::MacroAssemblerSH4::load16Unaligned): - (JSC::MacroAssemblerSH4::branch8): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::load16Unaligned): - * jit/JIT.h: - * yarr/YarrJIT.cpp: - (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce): - -2011-12-08 Michael Saboff - - Add 8 bit paths for StringTypeAdapter classes - https://bugs.webkit.org/show_bug.cgi?id=73882 - - Reviewed by Darin Adler. - - Added is8Bit() method and writeTo(LChar*) methods - to StringTypeAdapter<> classes. The writeTo(LChar*) - method can be used if is8Bit() returns true. The - non-native 8 bit classes contain ASSERT(is8Bit()) - in their writeTo(LChar*). - - Updated all of the various versions of tryMakeString() to - use 8 bit processing in the updated StringTypeAdapter<> - classes. - - This has slight if any performance improvement on kraken. - - * runtime/UStringConcatenate.h: - * wtf/text/StringConcatenate.h: - (WTF::tryMakeString): - * wtf/text/StringOperators.h: - (WTF::StringAppend::is8Bit): - (WTF::StringAppend::writeTo): - -2011-12-07 Filip Pizlo - - DFG CSE should know that CheckFunction is pure - https://bugs.webkit.org/show_bug.cgi?id=74044 - - Reviewed by Oliver Hunt. - - Possible slight win on V8, no regressions. - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::checkFunctionElimination): - -2011-12-07 Michael Saboff - - StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing. - https://bugs.webkit.org/show_bug.cgi?id=73995 - - Reviewed by Geoffrey Garen. - - Problem was that a call to characters on an StringImpl associated - with a StringBuilder that is being appended to gets stale. - Added a new m_valid16BitShadowlen that keeps the length of - the 16 bit shadow that has been upconverted or will be up converted - with the first getCharacters(). When StringBuilder::characters or - ::reifyString is called, further characters are upconverted if - we have a shadow16bit copy and the m_valid16BitShadowlen is updated. - - * JavaScriptCore.exp: - * wtf/text/StringBuilder.cpp: - (WTF::StringBuilder::reifyString): - * wtf/text/StringBuilder.h: - (WTF::StringBuilder::StringBuilder): - (WTF::StringBuilder::characters): - (WTF::StringBuilder::clear): Cleaned up as part of the change. - * wtf/text/StringImpl.cpp: - (WTF::StringImpl::getData16SlowCase): - (WTF::StringImpl::upconvertCharacters): - * wtf/text/StringImpl.h: - -2011-12-07 Filip Pizlo - - Compare and Swap should be enabled on ARMv7 - https://bugs.webkit.org/show_bug.cgi?id=74023 - - Reviewed by Geoff Garen. - - Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled PARALLEL_GC. - It gives the expected speed-up on multi-core ARMv7 devices. - - * wtf/Atomics.h: - (WTF::weakCompareAndSwap): - * wtf/Platform.h: - -2011-12-07 Filip Pizlo - - DFG CSE is overzealous with GetByVal - https://bugs.webkit.org/show_bug.cgi?id=74042 - - Reviewed by Oliver Hunt. - - Made sure that the purity of GetByVal and the limited-clobber-itude of PutByVal - is tested in all places that matter. - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::byValIsPure): - (JSC::DFG::Propagator::clobbersWorld): - (JSC::DFG::Propagator::getByValLoadElimination): - (JSC::DFG::Propagator::checkStructureLoadElimination): - (JSC::DFG::Propagator::getByOffsetLoadElimination): - (JSC::DFG::Propagator::getPropertyStorageLoadElimination): - (JSC::DFG::Propagator::performNodeCSE): - -2011-12-07 Sheriff Bot - - Unreviewed, rolling out r102267. - http://trac.webkit.org/changeset/102267 - https://bugs.webkit.org/show_bug.cgi?id=74032 - - Breaks build on Chromium Mac Debug (Requested by aklein on - #webkit). - - * wtf/HashTraits.h: - -2011-12-07 Adam Klein - - Use HashMap> in ChildListMutationScope - https://bugs.webkit.org/show_bug.cgi?id=73964 - - Reviewed by Ryosuke Niwa. - - * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on an entry whose value is null. - -2011-12-07 Filip Pizlo - - Non-Mac devices should benefit from a larger heap - https://bugs.webkit.org/show_bug.cgi?id=74015 - - Reviewed by Geoff Garen. - - Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only used in - Heap.cpp, and got in the way of having more granular, per-platform control over - what the heap size should be. Bumped the heap size to 8MB on iOS (was 512KB). - - * heap/Heap.cpp: - (JSC::GCTimer::heapSizeForHint): - * wtf/Platform.h: - -2011-11-30 Simon Hausmann - - [Qt] V8 build fixes. - - Reviewed by Tor Arne Vestbø. - - * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in - VPATH. Prefix SOURCES correctly and make sure that runtime/ is - in the include search path when building with v8. - -2011-12-06 Filip Pizlo - - Zapping a block that is Marked leads to dead objects being mistaken for live ones - https://bugs.webkit.org/show_bug.cgi?id=73982 - - Reviewed by Geoff Garen. - - Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally, - the code asserts that: - - - If we zap a Marked or Zapped block then the free list is empty, because this - can only happen if the block was never free-listed. - - - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated - blocks are those that cannot be referred to by SizeClass::currentBlock (since - SizeClass::currentBlock only refers to blocks that are candidates for allocation, - and Allocated blocks are those who have been exhausted by allocation and will not - be allocated from again), and New blocks cannot be referred to by anything except - during a brief window inside the allocation slow-path. - - * heap/MarkedBlock.cpp: - (JSC::MarkedBlock::zapFreeList): - -2011-12-06 Filip Pizlo - - DFG 32_64 call linking does not handle non-cell callees correctly - https://bugs.webkit.org/show_bug.cgi?id=73965 - - Reviewed by Sam Weinig. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::emitCall): - -2011-12-06 Sam Weinig - - Remove unintentional type name shadowing in the Interpreter - https://bugs.webkit.org/show_bug.cgi?id=73963 - - Reviewed by Oliver Hunt. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name FunctionExecutable, - which shadows the FunctionExecutable type name, with functionExecutable. - -2011-12-06 Michael Saboff - - r102146 from 73875 broke fast/js/encode-URI-test.html - https://bugs.webkit.org/show_bug.cgi?id=73950 - - Reviewed by Gavin Barraclough. - - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::globalFuncUnescape): Restructured to handle - the %uHHHH case to output the resulting character - and continue so that a failure in finding 4 hex - digits will fall through and output the '%'. - Due to style check, changed the temporary - character variable to a more descriptive name. - -2011-12-06 Filip Pizlo - - GC zapping logic could benefit from some more assertions - https://bugs.webkit.org/show_bug.cgi?id=73947 - - Reviewed by Gavin Barraclough. - - - If you're in a zapped block and you're zapped, then your mark bit should - never be set. - - - If you're being marked, then you should never be zapped. - - * heap/MarkedBlock.h: - (JSC::MarkedBlock::isLive): - * runtime/Structure.h: - (JSC::MarkStack::internalAppend): - -2011-12-06 Oliver Hunt - - Don't allocate register in typedarray control flow - https://bugs.webkit.org/show_bug.cgi?id=73944 - - Reviewed by Gavin Barraclough. - - Move a temporary allocation outside of control flow. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): - -2011-12-06 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=68328 - The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant - - Reviewed by Geoff Garen. - - Move the instrinsic enum out of the DFG, into runtime. Add entires for all host functions - that have an intrinsic in the form of a generated thunk. Remove the thunk pointer from the - hashtable, and make Intrinsic field no longer ifdef on JIT/DFG. In getHostFunction select - a thunk genertaor to use based on the Intrinsic. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * create_hash_table: - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::handleCall): - (JSC::DFG::ByteCodeParser::handleIntrinsic): - * dfg/DFGCapabilities.h: - * dfg/DFGIntrinsic.h: Removed. - * jit/JITStubs.cpp: - (JSC::JITThunks::hostFunctionStub): - * jit/JITStubs.h: - * runtime/Executable.cpp: - (JSC::ExecutableBase::intrinsic): - (JSC::NativeExecutable::intrinsic): - * runtime/Executable.h: - (JSC::ExecutableBase::intrinsicFor): - (JSC::NativeExecutable::create): - (JSC::NativeExecutable::finishCreation): - * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h. - * runtime/JSGlobalData.cpp: - (JSC::thunkGeneratorForIntrinsic): - (JSC::JSGlobalData::getHostFunction): - * runtime/JSGlobalData.h: - * runtime/Lookup.cpp: - (JSC::HashTable::createTable): - (JSC::setUpStaticFunctionSlot): - * runtime/Lookup.h: - (JSC::HashEntry::initialize): - (JSC::HashEntry::intrinsic): - -2011-12-06 Michael Saboff - - Add 8 bit paths to global object functions - https://bugs.webkit.org/show_bug.cgi?id=73875 - - Added 8 bit paths for converions methods. - - This is worth 1.5% on kraken audio-oscillator, - 1.6% on stanford-crypto-ccm and 2.5% on - stanford-crypto-sha256-iterative. See bug for - a full report. - - Reviewed by Oliver Hunt. - - * runtime/JSGlobalObjectFunctions.cpp: - (JSC::decode): Split into a templated helper. - (JSC::parseInt): Split into a templated helper. - (JSC::parseFloat): Added an 8 bit path - (JSC::globalFuncEscape): Added 8 bit path - (JSC::globalFuncUnescape): Added 8 bit path - * runtime/JSStringBuilder.h: - (JSC::JSStringBuilder::append): New append for LChar - * wtf/text/StringBuilder.h: - (WTF::StringBuilder::append): New append for LChar - -2011-11-21 Balazs Kelemen - - Enable ParallelJobs by default - https://bugs.webkit.org/show_bug.cgi?id=70032 - - Reviewed by Zoltan Herczeg. - - According to measurements on Mac and Linux it is a - considerable speedup for SVG on multicore. - - Remove the ENABLE(PARALLEL_JOBS) guard. - Fix build on Windows and Chromium. - - * JavaScriptCore.gypi: Add the files to the build. It was - missing for the gyp build system. - * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: - Export symbols. - * wtf/ParallelJobs.h: - * wtf/ParallelJobsGeneric.cpp: - (WTF::ParallelEnvironment::ParallelEnvironment): - (WTF::ParallelEnvironment::execute): - Deinline these to avoid exporting a lot of symbols. - These are non-trivial and called only once on a given object - so it doesn't seems to be worthwile to inline them. - Additionally fix a signed-unsigned comparison in the constructor. - * wtf/ParallelJobsGeneric.h: - * wtf/Platform.h: - -2011-12-06 Simon Hausmann - - [Qt] build-jsc script doesn't work - https://bugs.webkit.org/show_bug.cgi?id=73910 - - Reviewed by Tor Arne Vestbø. - - * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC - (moved from top-level WebKit.pro). Also add v8 scopes to only build - WTF during v8 builds. - -2011-12-05 Anders Carlsson - - Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11. - - Reviewed by Darin Adler. - - * wtf/HashMap.h: - -2011-12-05 Michael Saboff - - Create StringImpl::empty() as an 8 bit string - https://bugs.webkit.org/show_bug.cgi?id=73871 - - Reviewed by Oliver Hunt. - - * wtf/text/StringStatics.cpp: - (WTF::StringImpl::empty): Changed to be an 8 bit string. - -2011-12-05 Darin Adler - - Convert JSClassRef to use HashMap - https://bugs.webkit.org/show_bug.cgi?id=73780 - - Reviewed by Andreas Kling. - - * API/JSCallbackObjectFunctions.h: - (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map - entries because the hash map now has an OwnPtr instead of a raw pointer. - - * API/JSClassRef.cpp: - (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and - m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating. - Removed the code that gets and deletes existing entries, and just use set, - which now handles deletion automatically due to it being OwnPtr. - (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion - with assertion-only NDEBUG-only code. - (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when - allocating. Use OwnPtr when adding. Removed unneeded code to set - staticValues and staticFunctions to 0. Removed unneeded destructor. - (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local. - (OpaqueJSClass::staticFunctions): Ditto. - (OpaqueJSClass::prototype): Added use of adoptPtr. - - * API/JSClassRef.h: Made the static values and static functions tables - use OwnPtr for the entries. Also used OwnPtr for the pointers to the - tables themselves. Also removed ~OpaqueJSClassContextData(), letting - the compiler generate it. - -2011-12-05 Oliver Hunt - - Land uncommitted bit of float array support - https://bugs.webkit.org/show_bug.cgi?id=73873 - - Reviewed by Filip Pizlo. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): - -2011-12-05 Benjamin Poulain - - Update String::containsOnlyASCII() to handle 8 bits strings - https://bugs.webkit.org/show_bug.cgi?id=73799 - - Reviewed by Darin Adler. - - Implement String::containsOnlyASCII() so that it does not - call String::characters(). - - * wtf/text/WTFString.h: - (WTF::String::containsOnlyASCII): - -2011-12-05 Filip Pizlo - - Unreviewed build fix for non-DFG platforms. - - * dfg/DFGRepatch.h: - -2011-12-05 Filip Pizlo - - Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they - were compact offsets - https://bugs.webkit.org/show_bug.cgi?id=73861 - - Reviewed by Gavin Barraclough. - - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::resetPatchPutById): - -2011-12-05 Filip Pizlo - - Unreviewed, build fixes for ARM. - - * assembler/AbstractMacroAssembler.h: - (JSC::AbstractMacroAssembler::unreachableForPlatform): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::loadDouble): - (JSC::MacroAssemblerARMv7::loadFloat): - (JSC::MacroAssemblerARMv7::storeFloat): - (JSC::MacroAssemblerARMv7::convertFloatToDouble): - (JSC::MacroAssemblerARMv7::convertDoubleToFloat): - -2011-12-05 Benjamin Poulain - - Update String::containsOnlyLatin1() to avoid converting to 16 bits - https://bugs.webkit.org/show_bug.cgi?id=73797 - - Reviewed by Andreas Kling. - - When the String use 8bits StringImpl, there is no need to iterate - over the string. - - The function charactersAreAllLatin1() is removed because it is not - used anywhere. - - * wtf/text/WTFString.h: - (WTF::String::containsOnlyLatin1): - -2011-12-05 Michael Saboff - - 8 bit string work slows down Kraken json-stringify-tinderbox - https://bugs.webkit.org/show_bug.cgi?id=73457 - - Added 8 bit path to StringBuilder. StringBuilder starts - assuming 8 bit contents and gets converted to 16 bit upon - seeing the first 16 bit character or string. Split - appendUninitialiezed into an inlined fast and function call - slow case. - - Factored out the processing of the UString argument from - Stringifier::appendQuotedString() to a static templated function - based on character size. - - This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox. - This change introduces a 4.8% slowdown to json-parse-financial. - This slowdown will be addressed in a subsequent patch to StringImpl::equal. - - Reviewed by Oliver Hunt. - - * runtime/JSONObject.cpp: - (JSC::appendStringToUStringBuilder): - (JSC::Stringifier::appendQuotedString): - * wtf/text/StringBuilder.cpp: - (WTF::StringBuilder::resize): - (WTF::StringBuilder::allocateBuffer): - (WTF::StringBuilder::allocateBufferUpConvert): - (WTF::LChar): - (WTF::UChar): - (WTF::StringBuilder::reserveCapacity): - (WTF::StringBuilder::appendUninitialized): - (WTF::StringBuilder::appendUninitializedSlow): - (WTF::StringBuilder::append): - (WTF::StringBuilder::shrinkToFit): - * wtf/text/StringBuilder.h: - (WTF::StringBuilder::StringBuilder): - (WTF::StringBuilder::append): - (WTF::StringBuilder::operator[]): - (WTF::StringBuilder::characters8): - (WTF::StringBuilder::characters16): - (WTF::StringBuilder::charactersBlah): - (WTF::LChar): - (WTF::UChar): - -2011-12-01 Gavin Barraclough - - https://bugs.webkit.org/show_bug.cgi?id=73624 - JIT + INTERPRETER builds are broken - - Reviewed by Geoff Garen, Sam Weinig. - - These don't fallback to the interpreter correctly. - Thunk creation assumes that is the JIT is compiled in, then it is enabled. - - * jit/JITStubs.cpp: - (JSC::JITThunks::JITThunks): - * runtime/Executable.h: - (JSC::NativeExecutable::create): - (JSC::NativeExecutable::finishCreation): - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::getHostFunction): - -2011-12-05 Zoltan Herczeg - - MacroAssemblerSH4 does not implement readCallTarget - https://bugs.webkit.org/show_bug.cgi?id=73434 - - Reviewed by Csaba Osztrogonác. - - * assembler/MacroAssemblerSH4.h: Support for SH4. - (JSC::MacroAssemblerSH4::readCallTarget): - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::readCallTarget): - -2011-12-04 Filip Pizlo - - DFG should optimize strict equality - https://bugs.webkit.org/show_bug.cgi?id=73764 - - Reviewed by Oliver Hunt. - - 1% speed-up on V8. - - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compare): - (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant): - (JSC::DFG::SpeculativeJIT::compileStrictEq): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compileIntegerCompare): - (JSC::DFG::SpeculativeJIT::compileDoubleCompare): - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compileIntegerCompare): - (JSC::DFG::SpeculativeJIT::compileDoubleCompare): - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-03 Darin Adler - - Use HashMap for ScriptSampleRecordMap - https://bugs.webkit.org/show_bug.cgi?id=73758 - - Reviewed by Andreas Kling. - - * bytecode/SamplingTool.cpp: - (JSC::SamplingTool::notifyOfScope): Added adoptPtr. - (JSC::SamplingTool::dump): Added get. - * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap to be OwnPtr. - -2011-12-03 Darin Adler - - Use HashMap for the opaqueJSClassData map - https://bugs.webkit.org/show_bug.cgi?id=73759 - - Reviewed by Andreas Kling. - - * API/JSClassRef.cpp: - (OpaqueJSClass::contextData): Update types. - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of opaqueJSClassData to keep the - timing the same. If we didn't care about the order of operations, we could remove this, too. - * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped type in the - opaqueJSClassData map. - -2011-12-03 Darin Adler - - Change HashMap implementation to use the pass type and peek type from traits for the mapped value - https://bugs.webkit.org/show_bug.cgi?id=72474 - - Reviewed by Anders Carlsson. - - * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType, PassOutType, - and PeekType from the traits of the mapped value instead of hard-coding them here. - Changed inlineAdd to take a reference to the PassInType instead of the PassInType itself, - to accomodate a PassInType that can't be copied. Use the store, peek, and passOut - functions from the traits as well. - - * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to include - PassInType, PassOutType, PeekType, store, passOut, and peek. Before this, the file had - an earlier version that was just PassType, PeekType, pass, and peek. Also commented - the HashTraits for RefPtr to foreshadow some work we can do there. - - * wtf/RefPtrHashMap.h: Same changes as HashMap.h. - -2011-12-02 David Levin - - Rename WTF class from TemporarilyChange to TemporaryChange. - https://bugs.webkit.org/show_bug.cgi?id=73479 - - Reviewed by Eric Seidel. - - * JavaScriptCore.gypi: - * JavaScriptCore.vcproj/WTF/WTF.vcproj: - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h. - (WTF::TemporaryChange::TemporaryChange): - (WTF::TemporaryChange::~TemporaryChange): - -2011-12-02 Mark Hahnenberg - - REGRESSION (r99754): All layout tests crash on Windows - https://bugs.webkit.org/show_bug.cgi?id=72305 - - Reviewed by Geoffrey Garen. - - Fixes a crash in release builds on Windows. Windows was optimizing the out-of-line virtual destructor in - JSFunction away, which left it with no virtual functions. Its vtable ptr was then identical to that of - a different class, therefore the optimization in the visitChildren helper function in MarkedStack.cpp was calling an - incorrect version of visitChildren on the object, which left its children unmarked, causing them to be - collected when they were still reachable. - - * runtime/JSFunction.cpp: - (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that Visual Studio can't optimize away. - * runtime/JSFunction.h: - * runtime/JSGlobalData.cpp: - (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual pointers that we rely on for optimization - purposes are distinct from one another. - -2011-12-02 Oliver Hunt - - Improve float array support in the DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=73722 - - Reviewed by Gavin Barraclough. - - Add basic support for float typed arrays in JSC. This is currently - less optimal than it could be in the following ways: - * float32Array1[0] = float32Array2[0] (eg. an element by element copy) - promotes float to double and then back to float. - * float64Array[0] will always perform NaN tests in order to prevent - signalling NaNs from entering the engine. - - We also don't support Float32Array on ARMv7 - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::loadDouble): - (JSC::MacroAssemblerARMv7::loadFloat): - (JSC::MacroAssemblerARMv7::storeDouble): - (JSC::MacroAssemblerARMv7::storeFloat): - (JSC::MacroAssemblerARMv7::convertFloatToDouble): - (JSC::MacroAssemblerARMv7::convertDoubleToFloat): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::loadDouble): - (JSC::MacroAssemblerX86Common::loadFloat): - (JSC::MacroAssemblerX86Common::storeDouble): - (JSC::MacroAssemblerX86Common::storeFloat): - (JSC::MacroAssemblerX86Common::convertDoubleToFloat): - (JSC::MacroAssemblerX86Common::convertFloatToDouble): - * assembler/X86Assembler.h: - (JSC::X86Assembler::cvtsd2ss_rr): - (JSC::X86Assembler::cvtss2sd_rr): - (JSC::X86Assembler::movsd_rm): - (JSC::X86Assembler::movss_rm): - (JSC::X86Assembler::movsd_mr): - (JSC::X86Assembler::movss_mr): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateFloat32Array): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): - (JSC::DFG::SpeculativeJIT::compile): - -2011-12-02 Sheriff Bot - - Unreviewed, rolling out r101801. - http://trac.webkit.org/changeset/101801 - https://bugs.webkit.org/show_bug.cgi?id=73667 - - Build is still broken (Requested by Ossy on #webkit). - - * assembler/SH4Assembler.h: - -2011-12-01 Darin Adler - - Prepare to deploy pass and peek types in the HashMap class - https://bugs.webkit.org/show_bug.cgi?id=73477 - - Reviewed by Adam Roben. - - This patch adds private typedefs inside the HashMap class, - and uses them as appropriate. A future patch will actually - tie those typedefs to hash traits, which will allow us to - make HashMap work with OwnPtr mapped values and to optimize - how HashMap works with RefPtr mapped values. - - Also changed the hash translator and adapter struct templates - to use template functions to simplify them and make them more - flexible. - - Also removed some unused template arguments. - - This goes out of its way to not change behavior. Future patches - will change the peek type to be a reference type, which will - reduce reference count churn a bit for hash tables with RefPtr - mapped values, and then do further optimizations for RefPtr - and OwnPtr by getting types from the hash traits. - - * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType, - and MappedPeekType typedefs, and used them for the arguments - and return types of the get, set, add, take, and inlineAdd - functions. - (WTF::HashMapTranslator): Changed this struct template to take - fewer arguments, and changed its member functions to be - function templates instead. This allows the compiler to - determine types more flexibly and also simplifies use of it. - (WTF::HashMapTranslatorAdapter): Ditto. - (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter. - Also reduced the arguments passed to the HashTable function template. - (WTF::HashMap::contains): Ditto. - (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType. - (WTF::HashMap::set): Ditto. - (WTF::HashMap::add): Ditto. - (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType. - (WTF::HashMap::get): Ditto. - (WTF::HashMap::take): Ditto, but return MappedPassOutType and use - that type in the implementation. - (WTF::deleteAllValues): Removed unneeded template arguments from - call to deleteAllPairSeconds. - (WTF::deleteAllKeys): Removed unneeded template arguments from - call to deleteAllPairFirsts. - - * wtf/HashSet.h: - (WTF::IdentityExtractor): Changed this to be a struct rather than - a struct template, and replaced the extract function with a function - template. This allows the compiler to deduce the type. - (WTF::HashSetTranslatorAdapter): Changed this struct template to take - fewer arguments, and changed its member functions to be - function templates instead. This allows the compiler to - determine types more flexibly and also simplifies use of it. - (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter. - Also reduced the arguments passed to the HashTable function template. - (WTF::HashSet::contains): Ditto. - (WTF::HashSet::add): Ditto. - - * wtf/HashTable.h: - (WTF::IdentityHashTranslator): Changed this struct template to take - fewer arguments, and changed its member functions to be - function templates instead. This allows the compiler to - determine types more flexibly and also simplifies use of it. - (WTF::HashTable::add): Reduced arguments passed to the function template. - (WTF::HashTable::find): Ditto, also reversed the template arguments so the - translator comes first so the compiler can deduce the other type. - (WTF::HashTable::contains): Ditto. - (WTF::HashTable::lookup): Ditto. - (WTF::HashTable::lookupForWriting): Ditto. - (WTF::HashTable::checkKey): Ditto. - (WTF::HashTable::fullLookupForWriting): Ditto. - (WTF::HashTable::add): Ditto. - (WTF::HashTable::addPassingHashCode): Ditto. - (WTF::HashTable::find): Ditto. - (WTF::HashTable::contains): Ditto. - - * wtf/ListHashSet.h: - (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take - fewer arguments, and changed its member functions to be function templates - instead. This allows the compiler to determine types more flexibly and - also simplifies use of it. - (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable - functon template. - (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the - same way we changed ListHashSetNodeHashFunctions above. - (WTF::ListHashSetTranslatorAdapter::equal): - (WTF::::contains): - (WTF::::add): - (WTF::::insertBefore): - - * wtf/RefPtrHashMap.h: Updated comments. Removed the - RefPtrHashMapRawKeyTranslator struct template; we can use the - HashMapTranslator struct template from HashMap.h instead now that - it is more flexible. Added MappedPassInType, MappedPassOutType, - and MappedPeekType typedefs, and used them for the arguments - and return types of the get, inlineGet, set, add, take, and inlineAdd - functions. Changed the name of the RawKeyTranslator type to - Translator since it's now a class that can handle both raw keys - and conventional keys. - (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator. - Reduced the arguments passed to the HashTable function template. - (WTF::HashMap::contains): Ditto. - (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType. - (WTF::HashMap::set): Ditto. - (WTF::HashMap::add): Ditto. - (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType. - (WTF::HashMap::get): Ditto. - (WTF::HashMap::take): Ditto, but return MappedPassOutType and use - that type in the implementation. - (WTF::deleteAllValues): Removed unneeded template arguments from - call to deleteAllPairSeconds. - (WTF::deleteAllKeys): Removed unneeded template arguments from - call to deleteAllPairFirsts. - -2011-12-02 Zoltan Herczeg - - MacroAssemblerSH4 does not implement readCallTarget - https://bugs.webkit.org/show_bug.cgi?id=73434 - - Reviewed by Csaba Osztrogonác. - - * assembler/SH4Assembler.h: - (JSC::SH4Assembler::readCallTarget): Support for SH4. - -2011-12-02 Hajime Morrita - - Unreviewed, rolling out r101751 and r101775. - http://trac.webkit.org/changeset/101751 - http://trac.webkit.org/changeset/101775 - https://bugs.webkit.org/show_bug.cgi?id=73191 - - breaks Windows build - - * JavaScriptCore.xcodeproj/project.pbxproj: - * config.h: - * runtime/JSExportMacros.h: Removed. - * wtf/ExportMacros.h: - * wtf/Platform.h: - * wtf/WTFThreadData.h: - * wtf/text/AtomicString.h: - * wtf/text/StringStatics.cpp: - -2011-12-01 Hajime Morrita - - JS_INLINE and WTF_INLINE should be visible from WebCore - https://bugs.webkit.org/show_bug.cgi?id=73191 - - - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h. - - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h. - - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA. - - Reviewed by Kevin Ollivier. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * config.h: - * runtime/JSExportMacros.h: Added. - * wtf/ExportMacros.h: - * wtf/Platform.h: - * wtf/WTFThreadData.h: - * wtf/text/AtomicString.h: - * wtf/text/StringStatics.cpp: - -2011-12-01 Michael Saboff - - Changes proposed for 73457 slow down Kraken json-parse-financial - https://bugs.webkit.org/show_bug.cgi?id=73584 - - Restructured StringImpl::equal to take advantage of 8 or 4 bytes - at a time when possible. - - This is worth ~3% on Kraken json-parse-financial. It provides - ~2% on SunSpider string-unpack-code. - - Reviewed by Sam Weinig. - - * wtf/text/StringImpl.cpp: - (WTF::equal): - -2011-12-01 Oliver Hunt - - Support integer typed arrays in the DFG JIT - https://bugs.webkit.org/show_bug.cgi?id=73608 - - Reviewed by Filip Pizlo. - - Add support for all the integral typed arrays in the DFG JIT. - Currently this loads the contents of Uint32 arrays as doubles, - which is clearly not as efficient as it could be, but this is - still in the order of 10-20x faster than the existing behaviour. - - This needed us to add support for writing 16bit values to the - macroassembler, and also to support double<->unsigned conversion. - - * assembler/ARMv7Assembler.h: - (JSC::ARMv7Assembler::strh): - (JSC::ARMv7Assembler::vcvt_floatingPointToUnsigned): - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::store16): - (JSC::MacroAssemblerARMv7::truncateDoubleToUint32): - * assembler/MacroAssemblerX86Common.h: - (JSC::MacroAssemblerX86Common::store16): - (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): - * assembler/X86Assembler.h: - (JSC::X86Assembler::movw_rm): - (JSC::X86Assembler::cvttsd2siq_rr): - * bytecode/PredictedType.cpp: - (JSC::predictionToString): - (JSC::predictionFromClassInfo): - * bytecode/PredictedType.h: - (JSC::isInt8ArrayPrediction): - (JSC::isInt16ArrayPrediction): - (JSC::isInt32ArrayPrediction): - (JSC::isUint8ArrayPrediction): - (JSC::isUint16ArrayPrediction): - (JSC::isUint32ArrayPrediction): - (JSC::isFloat32ArrayPrediction): - (JSC::isFloat64ArrayPrediction): - * dfg/DFGAbstractState.cpp: - (JSC::DFG::AbstractState::initialize): - (JSC::DFG::AbstractState::execute): - * dfg/DFGNode.h: - (JSC::DFG::Node::shouldSpeculateInt8Array): - (JSC::DFG::Node::shouldSpeculateInt16Array): - (JSC::DFG::Node::shouldSpeculateInt32Array): - (JSC::DFG::Node::shouldSpeculateUint8Array): - (JSC::DFG::Node::shouldSpeculateUint16Array): - (JSC::DFG::Node::shouldSpeculateUint32Array): - (JSC::DFG::Node::shouldSpeculateFloat32Array): - (JSC::DFG::Node::shouldSpeculateFloat64Array): - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::propagateNodePredictions): - (JSC::DFG::Propagator::fixupNode): - (JSC::DFG::Propagator::performNodeCSE): - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::checkArgumentTypes): - (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): - (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): - (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): - * dfg/DFGSpeculativeJIT.h: - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * dfg/DFGSpeculativeJIT64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - * runtime/JSGlobalData.h: - -2011-12-01 Benjamin Poulain - - URLs are encoded in UTF-8, then decoded as if they are Latin1 - https://bugs.webkit.org/show_bug.cgi?id=71758 - - Reviewed by Darin Adler. - - Add the operator == between a String and a Vector of char. The implementation - is the same as the comparison of String and char* but adds the length as a - parameter for comparing the strings. - - * JavaScriptCore.exp: - * wtf/text/StringImpl.h: - (WTF::equal): - * wtf/text/WTFString.h: - (WTF::operator==): - (WTF::operator!=): - -2011-12-01 Martin Robinson - - [GTK] Read fonts from the jhbuild root - https://bugs.webkit.org/show_bug.cgi?id=73487 - - Reviewed by Gustavo Noronha Silva. - - Read fonts from the jhbuild root instead of from the system. This will ensure - that all testers use the same fonts instead of leaving this up to luck. - - * wtf/gobject/GlibUtilities.h: Add Assertions.h which was required for the WebKit2TestRunner. - -2011-12-01 Martin Robinson - - [GTK] Add a helper function to find the current executable's path - https://bugs.webkit.org/show_bug.cgi?id=73473 - - Reviewed by Gustavo Noronha Silva. - - Add a WTF helper which gets the binary path. This is currently only used - in WebKit2. - - * GNUmakefile.list.am: Add the new file to the source list. - * wtf/gobject/GlibUtilities.cpp: Added. - (getCurrentExecutablePath): - * wtf/gobject/GlibUtilities.h: Added. - -2011-12-01 Sheriff Bot - - Unreviewed, rolling out r101691. - http://trac.webkit.org/changeset/101691 - https://bugs.webkit.org/show_bug.cgi?id=73588 - - Tests fail on Chromium bots, early warning system warned - committer, please adjust test_expectations in patch (Requested - by scheib on #webkit). - - * JavaScriptCore.exp: - * wtf/text/StringImpl.h: - * wtf/text/WTFString.h: - -2011-12-01 Filip Pizlo - - ARMv7 only allows for one-shot patching of compact offsets, while the - JIT expects to be able to repatch - https://bugs.webkit.org/show_bug.cgi?id=73548 - - Reviewed by Oliver Hunt. - - * assembler/ARMv7Assembler.h: - (JSC::ARMv7Assembler::setUInt7ForLoad): - -2011-11-30 Benjamin Poulain - - URLs are encoded in UTF-8, then decoded as if they are Latin1 - https://bugs.webkit.org/show_bug.cgi?id=71758 - - Reviewed by Darin Adler. - - Add the operator == between a String and a Vector of char. The implementation - is the same as the comparison of String and char* but adds the length as a - parameter for comparing the strings. - - * JavaScriptCore.exp: - * wtf/text/StringImpl.h: - (WTF::equal): - * wtf/text/WTFString.h: - (WTF::operator==): - (WTF::operator!=): - -2011-11-30 Dmitry Lomov - - https://bugs.webkit.org/show_bug.cgi?id=73503 - [Chromium][V8] Implement ArrayBuffer transfer in chromium. - Portions of this patch come from Luke Zarko. - - Reviewed by David Levin. - - * wtf/ArrayBuffer.cpp: - (WTF::ArrayBuffer::transfer): Changed prototype from pointers to RefPtr. - * wtf/ArrayBuffer.h: - (WTF::ArrayBufferContents::transfer): Changed prototype from pointers to RefPtr. - (WTF::ArrayBuffer::isNeutered): - * wtf/TypedArrayBase.h: - (WTF::TypedArrayBase::neuter): - -2011-12-01 Chao-ying Fu - - MacroAssemblerMIPS does not implement readCallTarget - https://bugs.webkit.org/show_bug.cgi?id=73432 - - Reviewed by Zoltan Herczeg. - - * assembler/MIPSAssembler.h: - (JSC::MIPSAssembler::readCallTarget): - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::readCallTarget): - -2011-12-01 Noel Gordon - - [chromium] Remove wtf/qt/ThreadingQt.cpp from the gyp projects - https://bugs.webkit.org/show_bug.cgi?id=73527 - - Reviewed by Simon Hausmann. - - wtf/qt/ThreadingQt.cpp was removed in r101477 - - * JavaScriptCore.gypi: remove wtf/qt/ThreadingQt.cpp - -2011-12-01 Filip Pizlo - - BitVector isInline check could fail - https://bugs.webkit.org/show_bug.cgi?id=70691 - - Reviewed by Gavin Barraclough. - - Switch back to using the high bit as the inline marker, to make - all of the bit indexing operations simpler. Computing the size in - words and in bytes of a bitvector, using the number of bits as - input is error-prone enough; and with the current approach to - solving the X86 bug we end up getting it wrong. Making it right - seems hard. - - So instead, to solve the original problem (the high bit may be - meaningful on 32-bit systems), the out-of-line storage pointer is - right-shifted by 1. Compared to the original BitVector code, this - is a much smaller change (just three lines). - - This solves a bug where the DFG was corrupting its call frame - because BitVector lost track of some bits. - - * wtf/BitVector.cpp: - (WTF::BitVector::setSlow): - (WTF::BitVector::resizeOutOfLine): - * wtf/BitVector.h: - (WTF::BitVector::quickGet): - (WTF::BitVector::quickSet): - (WTF::BitVector::quickClear): - (WTF::BitVector::makeInlineBits): - (WTF::BitVector::isInline): - (WTF::BitVector::outOfLineBits): - -2011-11-30 Filip Pizlo - - DFG should make it easier to notice node boundaries in disassembly - https://bugs.webkit.org/show_bug.cgi?id=73509 - - Rubber-stamped by Gavin Barraclough - - If you set XOR_DEBUG_AID to 1 in DFGCommon.h, a pair of xor's will - be emitted at node boundaries, where the immediate being xor'd is the - node index. - - * dfg/DFGCommon.h: - * dfg/DFGSpeculativeJIT.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-11-30 Geoffrey Garen - - Removed ArgList iterators. - - Reviewed by Gavin Barraclough. - - Another step toward reversing the argument order. - - * interpreter/Interpreter.cpp: - (JSC::Interpreter::executeCall): - (JSC::Interpreter::executeConstruct): Switched from iterator to int. - - * runtime/ArgList.h: - (JSC::ArgList::ArgList): - (JSC::ArgList::isEmpty): Removed iterators. - - * runtime/JSArray.cpp: - (JSC::JSArray::finishCreation): Switched from iterator to int. - -2011-11-30 Yuqiang Xian - - 32 bit DFG should handle logicalNot slow case instead of simply bailing out - https://bugs.webkit.org/show_bug.cgi?id=73515 - - Reviewed by Filip Pizlo. - - This improves Kraken performance by 14%, mainly due to ~3X improvement - on imaging-desaturate. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compileLogicalNot): - -2011-11-30 Max Vujovic - - Some date values not handled consistently with IE/Firefox - https://bugs.webkit.org/show_bug.cgi?id=14176 - - Reviewed by Gavin Barraclough. - - Changed time zone offset parsing behavior to match IE/Firefox/Opera's in - implementation dependent cases like "GMT-4". - - * wtf/DateMath.cpp: - (WTF::parseDateFromNullTerminatedCharacters): - -2011-11-30 Mark Hahnenberg - - toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback - https://bugs.webkit.org/show_bug.cgi?id=73368 - - Reviewed by Darin Adler. - - We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever - happens to be in the first class of the chain, which potentially could be null. - - - - * API/JSCallbackFunction.cpp: - (JSC::JSCallbackFunction::toStringCallback): - (JSC::JSCallbackFunction::valueOfCallback): - -2011-11-29 Sam Weinig - - Add adoptCF and adoptNS convenience functions to RetainPtr.h - https://bugs.webkit.org/show_bug.cgi?id=73399 - - Reviewed by Anders Carlsson. - - * wtf/RetainPtr.h: - (WTF::adoptCF): - (WTF::adoptNS): - These adoption functions match the pattern we use in other - smart pointer classes. - -2011-11-30 Adam Roben - - Fix RetainPtr's move assignment operators - - Fixes RetainPtr's move assignment operators don't modify the - pointer being assigned to - - I didn't write a test for this because we don't have a way of unit testing C++11 code (see - ). - - Reviewed by Anders Carlsson. - - * wtf/RetainPtr.h: - (WTF::RetainPtr::operator=): Adopt the passed-in RetainPtr's underlying pointer, not our own - pointer. - -2011-11-30 Csaba Osztrogonác - - Unreviewed rolling out incorrect r101481. - - * assembler/MIPSAssembler.h: - * assembler/MacroAssemblerMIPS.h: - -2011-11-30 Simon Hausmann - - Fix compilation with MingW. - - Reviewed by Csaba Osztrogonác. - - * wtf/ThreadingWin.cpp: - (WTF::initializeCurrentThreadInternal): MingW doesn't support MSVC exception handling, so for - the time being make the thread name setting unimplemented for MingW. - -2011-11-30 Simon Hausmann - - Unreviewed propective build fix for Qt/Windows part 2 after r101477. - - * wtf/ThreadSpecific.h: Fix the OS(WINDOWS) defines for the friend declaration for ThreadSpecific::Data - -2011-11-30 Simon Hausmann - - Unreviewed propective build fix for Qt/Windows after r101477. - - * wtf/ThreadSpecific.h: Use OS(WINDOWS) for declaring "destructor", as it's - only referenced from within another OS(WINDOWS) section. - -2011-11-30 Csaba Osztrogonác - - Unreviewed speculative buildfix after r101457. - - * assembler/MIPSAssembler.h: - (JSC::MIPSAssembler::readCallTarget): - * assembler/MacroAssemblerMIPS.h: - (JSC::MacroAssemblerMIPS::readCallTarget): - -2011-11-30 Andrew Wason - - Replace Qt QThread threading back-end with pthread/Win32 threading back-ends - https://bugs.webkit.org/show_bug.cgi?id=72155 - - Reviewed by Simon Hausmann. - - Use ThreadingPthreads and ThreadingWin instead of ThreadingQt. - - * heap/MachineStackMarker.cpp: - * wtf/MainThread.cpp: - (WTF::initializeMainThread): - * wtf/Platform.h: - * wtf/ThreadSpecific.h: Drop QThreadStorage related code. - (WTF::::destroy): - * wtf/ThreadingPrimitives.h: - * wtf/qt/MainThreadQt.cpp: Drop Qt specific isMainThread(). - (WTF::initializeMainThreadPlatform): Initialize MainThreadInvoker on main thread to avoid infecting secondary thread with QAdoptedThread. - (WTF::scheduleDispatchFunctionsOnMainThread): - * wtf/qt/ThreadingQt.cpp: Removed. - * wtf/wtf.pro: - -2011-11-30 Csaba Osztrogonác - - MacroAssemblerARM does not implement readCallTarget - https://bugs.webkit.org/show_bug.cgi?id=73413 - - Based on Filip Pizlo's patch. - - Buildfix. Rubber-stamped by Gabor Loki. - - * assembler/ARMAssembler.h: - (JSC::ARMAssembler::readCallTarget): - * assembler/MacroAssemblerARM.h: - (JSC::MacroAssemblerARM::readCallTarget): - -2011-11-29 Filip Pizlo - - Resetting a put_by_id inline cache should preserve the "isDirect" bit - https://bugs.webkit.org/show_bug.cgi?id=73375 - - Reviewed by Gavin Barraclough. - - For the replace case, we can find out if it was direct by looking at the - slow call. For the transition case, we explicitly remember if it was - direct. - - * bytecode/CodeBlock.cpp: - (JSC::printStructureStubInfo): - * bytecode/StructureStubInfo.cpp: - (JSC::StructureStubInfo::deref): - (JSC::StructureStubInfo::visitWeakReferences): - * bytecode/StructureStubInfo.h: - (JSC::isPutByIdAccess): - (JSC::StructureStubInfo::initPutByIdTransition): - * dfg/DFGByteCodeParser.cpp: - (JSC::DFG::ByteCodeParser::parseBlock): - * dfg/DFGRepatch.cpp: - (JSC::DFG::tryCachePutByID): - * jit/JIT.h: - * jit/JITPropertyAccess.cpp: - (JSC::JIT::resetPatchPutById): - (JSC::JIT::isDirectPutById): - * jit/JITPropertyAccess32_64.cpp: - (JSC::JIT::resetPatchPutById): - * jit/JITStubs.cpp: - (JSC::JITThunks::tryCachePutByID): - -2011-11-29 Sam Weinig - - Remove RetainPtr::releaseRef - https://bugs.webkit.org/show_bug.cgi?id=73396 - - Reviewed by Dan Bernstein. - - * wtf/RetainPtr.h: - Be gone releaseRef! Long live leakRef! - -2011-11-29 Sam Weinig - - Add move semantics to RetainPtr - https://bugs.webkit.org/show_bug.cgi?id=73393 - - Reviewed by Anders Carlsson. - - * wtf/RetainPtr.h: - (WTF::RetainPtr::RetainPtr): - Add a move constructor and move enabled assignment operators - to RetainPtr if the compiler being used supports rvalue - references. If the compiler does not support it, we fallback - to the copy semantics we have always had. - -2011-11-29 Yuqiang Xian - - DFG local CSE may cause incorrect reference counting for a node - https://bugs.webkit.org/show_bug.cgi?id=73390 - - Reviewed by Filip Pizlo. - - When performing a node substitution, the ref count of the replaced - child will be increased, no matter whether the user node is skipped in - code generation or not. This will cause the reference count of the - replaced child never get the chance to become zero and so the - registers occupied by it cannot be reused simply without spilling, if - it's used by a "skipped" node. - This is a 1% gain on V8 benchmark, tested on IA32 Linux. - - * dfg/DFGPropagator.cpp: - (JSC::DFG::Propagator::performSubstitution): - (JSC::DFG::Propagator::performNodeCSE): - -2011-11-29 David Levin - - Add a way to revert a variable to its previous value after leaving a scope. - https://bugs.webkit.org/show_bug.cgi?id=73371 - - Reviewed by Adam Barth. - - In case anyone from Chromium sees this, it is nearly identical to AutoReset - but if the same name were used, it causes unnecessary ambiguity. - - * JavaScriptCore.xcodeproj/project.pbxproj: - * wtf/TemporarilyChange.h: Added. - (WTF::TemporarilyChange::TemporarilyChange): - (WTF::TemporarilyChange::~TemporarilyChange): - -2011-11-29 Sam Weinig - - Add COMPILER_SUPPORTS macro to allow for compiler feature testing - https://bugs.webkit.org/show_bug.cgi?id=73386 - - Reviewed by Anders Carlsson. - - * wtf/Compiler.h: - Add COMPILER_SUPPORTS and #defines for C++11 variadic templates and - rvalue references for Clang. - -2011-11-29 Oliver Hunt - - Allow WebCore to describe typed arrays to JSC - https://bugs.webkit.org/show_bug.cgi?id=73355 - - Reviewed by Gavin Barraclough. - - Allow globaldata to track the structure of typed arrays. - - * runtime/JSGlobalData.h: - (JSC::TypedArrayDescriptor::TypedArrayDescriptor): - -2011-11-28 Filip Pizlo - - DFG debugCall() mechanism only works on X86 and X86-64 - https://bugs.webkit.org/show_bug.cgi?id=73282 - - Reviewed by Oliver Hunt. - - * dfg/DFGAssemblyHelpers.h: - (JSC::DFG::AssemblyHelpers::debugCall): - -2011-11-28 Filip Pizlo - - DFG non-X86 ArithDiv does speculation failure after mutating state, - without a value recovery - https://bugs.webkit.org/show_bug.cgi?id=73286 - - Reviewed by Gavin Barraclough. - - * dfg/DFGSpeculativeJIT32_64.cpp: - (JSC::DFG::SpeculativeJIT::compile): - -2011-11-28 Filip Pizlo - - Unreviewed build fixes for ARM. - - * assembler/MacroAssemblerARMv7.h: - (JSC::MacroAssemblerARMv7::readCallTarget): - * dfg/DFGSpeculativeJIT.h: - (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState): - -2011-11-20 Roland Steiner - -