2014-01-27 Brent Fulgham <bfulgham@apple.com>
Merge r162723.
2014-01-24 Brent Fulgham <bfulgham@apple.com>
[Win] Convert some NMake files to MSBuild project files
https://bugs.webkit.org/show_bug.cgi?id=127579
Reviewed by Tim Horton.
* JavaScriptCore.vcxproj/JavaScriptCore.make: Removed.
* JavaScriptCore.vcxproj/JavaScriptCore.proj: Added.
2014-01-27 Brent Fulgham <bfulgham@apple.com>
Merge r154513, r154354.
2013-08-23 Alex Christensen <alex.christensen@flexsim.com>
Re-separating Win32 and Win64 builds.
https://bugs.webkit.org/show_bug.cgi?id=120178
Reviewed by Brent Fulgham.
* JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
* JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
* JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
Pass PlatformArchitecture as a command line parameter to bash scripts.
* JavaScriptCore.vcxproj/copy-files.cmd: Use correct architecture
for build conditions.
* JavaScriptCore.vcxproj/jsc/jscCommon.props: Ditto
* JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: Ditto
2014-01-23 Brent Fulgham <bfulgham@apple.com>
Merge r162621
2014-01-22 Brent Fulgham <bfulgham@apple.com>
[Win] Update project and solution files for 64-bit builds.
https://bugs.webkit.org/show_bug.cgi?id=127457
Reviewed by Eric Carlson.
* JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Add 64-bit target.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Specify v100 target
for all builds on this branch.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
file from project view.
* JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Specify v100 target for
all builds on this branch.
* JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto
* JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto
2014-01-22 Brent Fulgham <bfulgham@apple.com>
Merge r157607
2013-10-17 Alex Christensen <achristensen@webkit.org>
Run JavaScriptCore tests again on Windows.
https://bugs.webkit.org/show_bug.cgi?id=122787
Reviewed by Tim Horton.
* JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
* jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
2013-12-23 Matthew Hanson <matthew_hanson@apple.com>
Merge 161003: <rdar://problem/15719584>
2013-12-23 Lucas Forschler <lforschler@apple.com>
<rdar://problem/15682948> Update copyright strings
Reviewed by Dan Bernstein.
* Info.plist:
* JavaScriptCore.vcxproj/JavaScriptCore.resources/Info.plist:
2013-12-17 Matthew Hanson <matthew_hanson@apple.com>
Merge the patch attached to <rdar://problem/15684269>
2013-10-07 Oliver Hunt <oliver@apple.com>
PutGlobalProperty doesn't kill specialised values
Reviewed by Geoff Garen.
When we're generating instructions to change a global property
we just pre-emptively despecialise it.
* runtime/JSScope.cpp:
(JSC::JSScope::resolveContainingScopeInternal):
2013-12-11 Matthew Hanson <matthew_hanson@apple.com>
Merge r154513
2013-08-23 Alex Christensen <achristensen@apple.com>
Re-separating Win32 and Win64 builds.
https://bugs.webkit.org/show_bug.cgi?id=120178
Reviewed by Brent Fulgham.
* JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
* JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
* JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
Pass PlatformArchitecture as a command line parameter to bash scripts.
* JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh:
* JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh:
* JavaScriptCore.vcxproj/build-generated-files.sh:
Use PlatformArchitecture from command line to determine which object directory to use (obj32 or obj64).
2013-12-11 Matthew Hanson <matthew_hanson@apple.com>
Merge 156934.
2013-10-04 Brent Fulgham <bfulgham@apple.com>
Silence compiler warning when building 64-bit (on Windows)
Reviewed by Geoffrey Garen.
* jit/JSInterfaceJIT.h: Add a static cast for assignment.
2013-12-10 Matthew Hanson <matthew_hanson@apple.com>
Merge 154333
2013-08-20 Alex Christensen <achristensen@apple.com>
Use PlatformArchitecture to distinguish between 32-bit and 64-bit builds on Windows.
https://bugs.webkit.org/show_bug.cgi?id=119512
Reviewed by Brent Fulgham.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
* JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
Replaced obj32, bin32, and lib32 with macros for 64-bit build.
2013-12-10 Matthew Hanson <matthew_hanson@apple.com>
Merge 152982
2013-07-22 Alex Christensen <achristensen@apple.com>
Added assembly files to Windows 64-bit builds.
https://bugs.webkit.org/show_bug.cgi?id=118931
Reviewed by Brent Fulgham.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added JITStubsMSVC64.asm for x64 and enabled MASM.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added JITStubsMSVC64.asm.
2013-12-10 Matthew Hanson <matthew_hanson@apple.com>
Merge 152921
2013-07-19 Alex Christensen <achristensen@apple.com>
Added x64 configuration to Visual Studio build.
https://bugs.webkit.org/show_bug.cgi?id=118888
Reviewed by Brent Fulgham.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
* JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
* JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
* JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
2013-11-08 Lucas Forschler <lforschler@apple.com>
Merge r158882
2013-11-07 Roger Fong <roger_fong@apple.com>
Rollout part of r146669 which caused a performance regression.
<rdar://problem/15265457>.
Rubberstamped by Filip Pizlo.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
2013-10-28 Lucas Forschler <lforschler@apple.com>
Merge r157830
2013-10-22 Geoffrey Garen <ggaren@apple.com>
REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
https://bugs.webkit.org/show_bug.cgi?id=123179
Reviewed by Mark Hahnenberg.
* parser/NodeConstructors.h:
(JSC::LogicalOpNode::LogicalOpNode):
* parser/ResultType.h:
(JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
This is JavaScript (aka Sparta).
2013-10-28 Brent Fulgham <bfulgham@apple.com>
Debug build correction after r158124.
* runtime/JSObject.h:
(JSC::JSObject::setStructure): Use external hasIndexingHeader function since
the member function did not exist at the time of this branch.
2013-10-28 Lucas Forschler <lforschler@apple.com>
Merge r157830
2013-10-22 Geoffrey Garen <ggaren@apple.com>
REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
https://bugs.webkit.org/show_bug.cgi?id=123179
Reviewed by Mark Hahnenberg.
* parser/NodeConstructors.h:
(JSC::LogicalOpNode::LogicalOpNode):
* parser/ResultType.h:
(JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
This is JavaScript (aka Sparta).
2013-10-28 Lucas Forschler <lforschler@apple.com>
Merge r156302
2013-09-23 Patrick Gansterer <paroga@webkit.org>
use NOMINMAX instead of #define min min
https://bugs.webkit.org/show_bug.cgi?id=73563
Reviewed by Brent Fulgham.
Use NOMINMAX instead of #define min/max as a cleaner
way of ensuring that Windows system header files don't
define min/max as macro in the first place.
* config.h:
2013-10-28 Lucas Forschler <lforschler@apple.com>
Merge r154366
2013-08-20 Mark Hahnenberg <mhahnenberg@apple.com>
<https://webkit.org/b/120079> Flattening a dictionary can cause CopiedSpace corruption
Reviewed by Oliver Hunt.
When we flatten an object in dictionary mode, we compact its properties. If the object
had out-of-line storage in the form of a Butterfly prior to this compaction, and after
compaction its properties fit inline, the object's Structure "forgets" that the object
has a non-zero Butterfly pointer. During GC, we check the Butterfly and reportLiveBytes
with bytes = 0, which causes all sorts of badness in CopiedSpace.
Instead, after we flatten a dictionary, if properties fit inline we should clear the
Butterfly pointer so that the GC doesn't get confused later.
This patch does this clearing, and it also adds JSObject::checkStructure, which overrides
JSCell::checkStructure to add an ASSERT that makes sure that the Structure being assigned
agrees with whether or not the object has a Butterfly. Also added an ASSERT to check
that the number of bytes reported to SlotVisitor::copyLater is non-zero.
* heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::copyLater):
* runtime/JSObject.cpp:
(JSC::JSObject::notifyPresenceOfIndexedAccessors):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToDouble):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToContiguous):
(JSC::JSObject::genericConvertDoubleToContiguous):
(JSC::JSObject::switchToSlowPutArrayStorage):
(JSC::JSObject::setPrototype):
(JSC::JSObject::putDirectAccessor):
(JSC::JSObject::seal):
(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
(JSC::JSObject::reifyStaticFunctionsForDelete):
(JSC::JSObject::removeDirect):
* runtime/JSObject.h:
(JSC::JSObject::setButterfly):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::setStructure):
(JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
* runtime/Structure.cpp:
(JSC::Structure::flattenDictionaryStructure):
2013-10-28 Mark Lam <mark.lam@apple.com>
Merge r155471.
https://bugs.webkit.org/show_bug.cgi?id=123409.
Reviewed by Geoffrey Garen.
Re-implemented fix based on the frame iteration mechanism before the
StackVisitor was available.
2013-09-10 Joseph Pecoraro <pecoraro@apple.com>
Web Inspector: [JSC] Caught exception is treated as uncaught
https://bugs.webkit.org/show_bug.cgi?id=93607
Reviewed by Geoff Garen.
Check up the entire call stack to see if there is an exception handler.
* interpreter/Interpreter.cpp:
(JSC::GetExceptionHandlerFunctor::GetExceptionHandlerFunctor):
(JSC::GetExceptionHandlerFunctor::handler):
(JSC::GetExceptionHandlerFunctor::operator()):
2013-10-25 Lucas Forschler <lforschler@apple.com>
Merge r156214
2013-09-20 Mark Hahnenberg <mhahnenberg@apple.com>
(un)shiftCountWithAnyIndexingType will start over in the middle of copying if it sees a hole
https://bugs.webkit.org/show_bug.cgi?id=121717
Reviewed by Oliver Hunt.
This bug caused the array to become corrupted. We now check for holes before we start moving things,
and start moving things only once we've determined that there are none.
* runtime/JSArray.cpp:
(JSC::JSArray::shiftCountWithAnyIndexingType):
(JSC::JSArray::unshiftCountWithAnyIndexingType):
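The failure mode in the r156214 entry above, as an added example that is not WebKit's code: a simplified model of a fast path that finds a hole mid-copy and starts over, next to one that scans for holes before moving anything. `Storage`, `HOLE`, `shiftGeneric`, `shiftFastUnchecked`, `shiftFastChecked` and `shiftWith` are hypothetical names, and the sample array is constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

const int HOLE = -1; // constructed marker for an empty slot in this model
typedef std::vector<int> Storage;

// Generic path (assumed for the model): always correct, holes stay holes.
Storage shiftGeneric(Storage s, size_t start, size_t count)
{
    s.erase(s.begin() + start, s.begin() + start + count);
    return s;
}

// Shape of the bug: the hole is noticed mid-copy, after earlier slots were overwritten.
bool shiftFastUnchecked(Storage& s, size_t start, size_t count)
{
    for (size_t i = start; i + count < s.size(); ++i) {
        if (s[i + count] == HOLE)
            return false; // caller starts over on a half-moved store
        s[i] = s[i + count];
    }
    s.resize(s.size() - count);
    return true;
}

// Shape of the fix: look for holes first, move only once there are none.
bool shiftFastChecked(Storage& s, size_t start, size_t count)
{
    for (size_t i = start + count; i < s.size(); ++i) {
        if (s[i] == HOLE)
            return false; // nothing has been modified yet
    }
    for (size_t i = start; i + count < s.size(); ++i)
        s[i] = s[i + count];
    s.resize(s.size() - count);
    return true;
}

typedef bool (*FastPath)(Storage&, size_t, size_t);

// Caller pattern: try the fast path, fall back to the generic one on the same store.
// Assumes start + count <= s.size().
Storage shiftWith(FastPath fast, Storage s, size_t start, size_t count)
{
    if (fast(s, start, count))
        return s;
    return shiftGeneric(s, start, count);
}

int main()
{
    Storage in = {1, 2, 3, 4, HOLE, 6}; // constructed input with one hole
    Storage bad = shiftWith(shiftFastUnchecked, in, 0, 1);
    Storage good = shiftWith(shiftFastChecked, in, 0, 1);
    std::printf("unchecked:");
    for (size_t i = 0; i < bad.size(); ++i)
        std::printf(" %d", bad[i]);
    std::printf("\nchecked:  ");
    for (size_t i = 0; i < good.size(); ++i)
        std::printf(" %d", good[i]);
    std::printf("\n");
    return 0;
}
```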
2013-10-24 Lucas Forschler <lforschler@apple.com>
Merge r154647
2013-08-23 Andy Estes <aestes@apple.com>
Fix issues found by the Clang Static Analyzer
https://bugs.webkit.org/show_bug.cgi?id=120230
Reviewed by Darin Adler.
* API/JSValue.mm:
(valueToString): Don't leak every CFStringRef when in Objective-C GC.
* API/ObjCCallbackFunction.mm:
(JSC::ObjCCallbackFunctionImpl::~ObjCCallbackFunctionImpl): Don't
release m_invocation's target since NSInvocation will do it for us on
-dealloc.
(objCCallbackFunctionForBlock): Tell NSInvocation to retain its target
and -release our reference to the copied block.
* API/tests/minidom.c:
(createStringWithContentsOfFile): Free buffer before returning.
* API/tests/testapi.c:
(createStringWithContentsOfFile): Ditto.
2013-10-24 Lucas Forschler <lforschler@apple.com>
Merge r154346
2013-08-20 Michael Saboff <msaboff@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=120075
REGRESSION (r128400): BBC4 website not displaying pictures
Reviewed by Oliver Hunt.
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::createStructure): Changed the array IndexingType to be ArrayWithSlowPutArrayStorage
so that the match results will be reified before any other modification to the results array.
2013-10-24 Lucas Forschler <lforschler@apple.com>
Merge r154303
2013-08-18 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=119995
Start removing custom implementations of getOwnPropertyDescriptor
Reviewed by Oliver Hunt.
This can now typically be implemented in terms of getOwnPropertySlot.
Add a macro to PropertyDescriptor to define an implementation of GOPD in terms of GOPS.
Switch over most classes in JSC & the WebCore bindings generator to use this.
* API/JSCallbackObjectFunctions.h:
* debugger/DebuggerActivation.cpp:
* runtime/Arguments.cpp:
* runtime/ArrayConstructor.cpp:
* runtime/ArrayPrototype.cpp:
* runtime/BooleanPrototype.cpp:
* runtime/DateConstructor.cpp:
* runtime/DatePrototype.cpp:
* runtime/ErrorPrototype.cpp:
* runtime/JSActivation.cpp:
* runtime/JSArray.cpp:
* runtime/JSArrayBuffer.cpp:
* runtime/JSArrayBufferView.cpp:
* runtime/JSCell.cpp:
* runtime/JSDataView.cpp:
* runtime/JSDataViewPrototype.cpp:
* runtime/JSFunction.cpp:
* runtime/JSGenericTypedArrayViewInlines.h:
* runtime/JSNotAnObject.cpp:
* runtime/JSONObject.cpp:
* runtime/JSObject.cpp:
* runtime/NamePrototype.cpp:
* runtime/NumberConstructor.cpp:
* runtime/NumberPrototype.cpp:
* runtime/ObjectConstructor.cpp:
- Implement getOwnPropertySlot in terms of GET_OWN_PROPERTY_DESCRIPTOR_IMPL.
* runtime/PropertyDescriptor.h:
- Added GET_OWN_PROPERTY_DESCRIPTOR_IMPL macro.
* runtime/PropertySlot.h:
(JSC::PropertySlot::isValue):
(JSC::PropertySlot::isGetter):
(JSC::PropertySlot::isCustom):
(JSC::PropertySlot::isCacheableValue):
(JSC::PropertySlot::isCacheableGetter):
(JSC::PropertySlot::isCacheableCustom):
(JSC::PropertySlot::attributes):
(JSC::PropertySlot::getterSetter):
- Add accessors necessary to convert PropertySlot to descriptor.
* runtime/RegExpConstructor.cpp:
* runtime/RegExpMatchesArray.cpp:
* runtime/RegExpMatchesArray.h:
* runtime/RegExpObject.cpp:
* runtime/RegExpPrototype.cpp:
* runtime/StringConstructor.cpp:
* runtime/StringObject.cpp:
- Implement getOwnPropertySlot in terms of GET_OWN_PROPERTY_DESCRIPTOR_IMPL.
2013-10-24 Oliver Hunt <oliver@apple.com>
<https://webkit.org/b/119860> Crash during exception unwinding
Reviewed by Filip Pizlo.
Add an "Unreachable" NodeType, and then rearrange op_throw and op_throw_reference_error
to plant Throw or ThrowReferenceError followed by a flush and then the Unreachable node.
We need this so that Throw and ThrowReferenceError no longer need to be treated as
terminals and the subsequent flush keeps the activation (and other registers) live.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::isTerminal):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2013-10-21 Lucas Forschler <lforschler@apple.com>
Merge r154217
2013-08-16 Filip Pizlo <fpizlo@apple.com>
DFG optimizes out strict mode arguments tear off
https://bugs.webkit.org/show_bug.cgi?id=119504
Reviewed by Mark Hahnenberg and Oliver Hunt.
Don't do the optimization for strict mode.
* dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
(JSC::DFG::ArgumentsSimplificationPhase::pruneObviousArgumentCreations):
2013-09-04 Dean Jackson <dino@apple.com>
<rdar://problem/14910916> Disable CSS_SHAPES on safari-537-branch
Reviewed by Beth Dakin.
* Configurations/FeatureDefines.xcconfig:
2013-08-27 Lucas Forschler <lforschler@apple.com>
Merge r154633
2013-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage does a check on the length of the ArrayStorage after possible reallocing it
https://bugs.webkit.org/show_bug.cgi?id=120278
Reviewed by Geoffrey Garen.
* runtime/JSObject.cpp:
(JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
2013-08-08 Lucas Forschler <lforschler@apple.com>
Merge r153819
2013-08-08 Stephanie Lewis <slewis@apple.com>
<rdar://problem/14680524> REGRESSION(153806): Crash @ yahoo.com when WebKit is built with a .order file
Unreviewed.
Ensure llint symbols are in source order.
* JavaScriptCore.order:
2013-08-07 Lucas Forschler <lforschler@apple.com>
Merge r153775
2013-08-06 Stephanie Lewis <slewis@apple.com>
Update Order Files for Safari
<rdar://problem/14517392>
Unreviewed.
* JavaScriptCore.order:
2013-08-07 Lucas Forschler <lforschler@apple.com>
Merge patch from <rdar://problem/14655517>.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2013-08-07 Lucas Forschler <lforschler@apple.com>
Merge r153793
2013-08-07 Mark Hahnenberg <mhahnenberg@apple.com>
32-bit code gen for TypeOf doesn't properly update the AbstractInterpreter state
https://bugs.webkit.org/show_bug.cgi?id=119555
Reviewed by Geoffrey Garen.
It uses a speculationCheck where it should be using a DFG_TYPE_CHECK like the 64-bit backend does.
This was causing crashes on maps.google.com in 32-bit debug builds.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2013-08-07 Lucas Forschler <lforschler@apple.com>
Merge r153374
2013-07-19 Mark Hahnenberg <mhahnenberg@apple.com>
Setting a large numeric property on an object causes it to allocate a huge backing store
https://bugs.webkit.org/show_bug.cgi?id=118914
Reviewed by Geoffrey Garen.
There are two distinct actions that we're trying to optimize for:
new Array(100000);
and:
a = [];
a[100000] = 42;
In the first case, the programmer has indicated that they expect this Array to be very big,
so they should get a contiguous array up until some threshold, above which we perform density
calculations to see if it is indeed dense enough to warrant being contiguous.
In the second case, the programmer hasn't indicated anything about the size of the Array, so
we should be more conservative and assume it should be sparse until we've proven otherwise.
Currently both of those cases are handled by MIN_SPARSE_ARRAY_INDEX. We should distinguish
between them for the purposes of not over-allocating large backing stores like we see on
http://www.peekanalytics.com/burgerjoints/
The way that we'll do this is to keep the MIN_SPARSE_ARRAY_INDEX for the first case, and
introduce a new heuristic for the second case. If we are putting to an index above a certain
threshold (say, 1000) and it is beyond the length of the array, then we will use a sparse
map instead. So for example, in the second case above the empty array has a blank indexing
type and a length of 0. We put-by-val to an index > 1000 and > a.length, so we'll use a sparse map.
This fix is ~800x speedup on the accompanying regression test :-o
* runtime/ArrayConventions.h:
(JSC::indexIsSufficientlyBeyondLengthForSparseMap):
* runtime/JSObject.cpp:
(JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
(JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::putByIndexBeyondVectorLength):
(JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
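The heuristic described in the r153374 entry above, as an added example that is not WebKit's code: a small model that counts backing-store slots for `a = []; a[100000] = 42;` with and without the beyond-length check, and confirms that ordinary appends stay contiguous. `Policy`, `ModelArray` and the helper names are hypothetical; the threshold of 1000 is the entry's "say, 1000" and the value standing in for MIN_SPARSE_ARRAY_INDEX is constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <vector>

// Both thresholds are assumptions of this model; the entry only says "say, 1000".
struct Policy {
    unsigned minSparseArrayIndex;   // stands in for MIN_SPARSE_ARRAY_INDEX (constructed value)
    unsigned beyondLengthThreshold; // 0 = heuristic disabled (behaviour before the fix)
};

const Policy beforeFix = { 1000000, 0 };
const Policy afterFix = { 1000000, 1000 };

// The new check as the entry words it: index above the threshold and beyond the length.
bool indexIsFarBeyondLength(const Policy& p, unsigned index, unsigned length)
{
    return p.beyondLengthThreshold && index > p.beyondLengthThreshold && index > length;
}

class ModelArray {
public:
    explicit ModelArray(const Policy& p) : m_policy(p), m_length(0), m_sparse(false) {}

    void put(unsigned index, int value)
    {
        if (!m_sparse && (index >= m_policy.minSparseArrayIndex
                          || indexIsFarBeyondLength(m_policy, index, m_length)))
            m_sparse = true; // later out-of-vector writes go to the map
        if (index < m_vector.size())
            m_vector[index] = value;
        else if (m_sparse)
            m_map[index] = value;
        else {
            m_vector.resize(index + 1, 0); // contiguous: every slot up to index is allocated
            m_vector[index] = value;
        }
        if (index >= m_length)
            m_length = index + 1;
    }

    bool isSparse() const { return m_sparse; }
    size_t slotsAllocated() const { return m_vector.size() + m_map.size(); }

private:
    Policy m_policy;
    std::vector<int> m_vector;
    std::map<unsigned, int> m_map;
    unsigned m_length;
    bool m_sparse;
};

// a = []; a[100000] = 42;
size_t slotsAfterFarWrite(const Policy& p)
{
    ModelArray a(p);
    a.put(100000, 42);
    return a.slotsAllocated();
}

// for (i = 0; i < n; ++i) a[i] = 1;  -- index == length is not "beyond" the length
bool appendsStayContiguous(const Policy& p, unsigned n)
{
    ModelArray a(p);
    for (unsigned i = 0; i < n; ++i)
        a.put(i, 1);
    return !a.isSparse() && a.slotsAllocated() == n;
}

int main()
{
    std::printf("far write, before: %zu slots\n", slotsAfterFarWrite(beforeFix));
    std::printf("far write, after:  %zu slots\n", slotsAfterFarWrite(afterFix));
    std::printf("5000 appends stay contiguous: %d\n", appendsStayContiguous(afterFix, 5000));
    return 0;
}
```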
2013-08-01 Lucas Forschler <lforschler@apple.com>
Merge r153615
2013-08-01 Oliver Hunt <oliver@apple.com>
DFG is not enforcing correct ordering of ToString conversion in MakeRope
https://bugs.webkit.org/show_bug.cgi?id=119408
Reviewed by Filip Pizlo.
Construct ToString and Phantom nodes in advance of MakeRope
nodes to ensure that ordering is ensured, and correct values
will be reified on OSR exit.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
2013-08-01 Mark Hahnenberg <mhahnenberg@apple.com>
GetByVal on Arguments does the wrong size load when checking the Arguments object length
https://bugs.webkit.org/show_bug.cgi?id=119281
Reviewed by Geoffrey Garen.
This leads to out of bounds accesses and subsequent crashes.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2013-07-29 Lucas Forschler <lforschler@apple.com>
Merge r153071
2013-07-23 Mark Lam <mark.lam@apple.com>
Removed unused sourceOffset from JSTokenLocation.
https://bugs.webkit.org/show_bug.cgi?id=118996.
Reviewed by Geoffrey Garen.
This also removes the assertion reported in the bug because it is now
moot, thereby resolving the assertion failure issue on Windows.
* bytecompiler/NodesCodegen.cpp:
(JSC::ArrayNode::toArgumentList):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
* parser/Lexer.cpp:
(JSC::::lex):
* parser/Lexer.h:
(JSC::::lexExpectIdentifier):
* parser/Nodes.h:
* parser/Parser.cpp:
(JSC::::Parser):
(JSC::::parseFunctionInfo):
(JSC::::parseExpressionOrLabelStatement):
(JSC::::parseMemberExpression):
* parser/Parser.h:
(JSC::::parse):
* parser/ParserTokens.h:
(JSC::JSTokenLocation::JSTokenLocation):
2013-07-29 Lucas Forschler <lforschler@apple.com>
Merge r153410
2013-07-28 Oliver Hunt <oliver@apple.com>
REGRESSION: Crash when opening Facebook.com
https://bugs.webkit.org/show_bug.cgi?id=119155
Reviewed by Andreas Kling.
Scope nodes are always objects, so we should be using SpecObjectOther
rather than SpecCellOther. Marking Scopes as CellOther leads to a
contradiction in the CFA, resulting in bogus codegen.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
2013-07-24 Lucas Forschler <lforschler@apple.com>
Merge r153075
2013-07-23 Filip Pizlo <fpizlo@apple.com>
DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs
https://bugs.webkit.org/show_bug.cgi?id=119032
Reviewed by Oliver Hunt.
It just needs some Phantom action.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
2013-07-22 Lucas Forschler <lforschler@apple.com>
Merge r152882
2013-07-18 Andreas Kling <akling@apple.com>
CodeBlock DFG entry list isn't getting shrunk-to-fit after linking.
<http://webkit.org/b/118875>
<rdar://problem/14488577>
Reviewed by Geoffrey Garen.
Move the CodeBlock::shrinkToFit() call out of JITCompiler::link() and to the call sites
so SpeculativeJIT::linkOSREntries() can fill in CodeBlock::m_dfgData->osrEntry first.
886 kB progression on <http://twitter.com/awesomekling>
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
2013-07-22 Lucas Forschler <lforschler@apple.com>
Merge r152868
2013-07-18 Filip Pizlo <fpizlo@apple.com>
LLInt get_argument_by_val for JSVALUE64 stores into the array profile when it meant to store into the value profile
https://bugs.webkit.org/show_bug.cgi?id=118865
Reviewed by Mark Hahnenberg.
* llint/LowLevelInterpreter64.asm:
2013-07-22 Lucas Forschler <lforschler@apple.com>
Merge r152848
2013-07-18 Andreas Kling <akling@apple.com>
CodeBlock::m_argumentValueProfiles wastes a lot of memory.
<http://webkit.org/b/118852>
<rdar://problem/14481659>
Reviewed by Anders Carlsson.
Use Vector::resizeToFit() for CodeBlock::m_argumentValueProfiles. We don't need any padding
for growth, since we won't be appending to it anyway.
921 KB progression on <http://twitter.com/awesomekling>
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::setNumParameters):
2013-07-22 Lucas Forschler <lforschler@apple.com>
Merge r152737
2013-07-16 Mark Hahnenberg <mhahnenberg@apple.com>
Remove reference to JSValueStructSupport.h from JSExport.h
https://bugs.webkit.org/show_bug.cgi?id=118746
Reviewed by Filip Pizlo.
* API/JSExport.h: No such header exists, so it doesn't make sense to reference it.
2013-07-22 Lucas Forschler <lforschler@apple.com>
Merge r152600
2013-07-12 Brent Fulgham <bfulgham@apple.com>
[Windows] Build correction after r152573/r152577.
https://bugs.webkit.org/show_bug.cgi?id=118610
Reviewed by Oliver Hunt.
* jit/JITThunks.cpp:
(JSC::JITThunks::hostFunctionStub): Hand-feed MSVC++ the fact that we want the second
argument of the make_pair to be a function pointer.
2013-07-19 Lucas Forschler <lforschler@apple.com>
Merge r152818
2013-07-17 Filip Pizlo <fpizlo@apple.com>
Unreviewed, fix 32-bit after http://trac.webkit.org/changeset/152813
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2013-07-19 Lucas Forschler <lforschler@apple.com>
Merge r152813
2013-07-17 Filip Pizlo <fpizlo@apple.com>
DFG assumes that NewFunction will never pass its input through
https://bugs.webkit.org/show_bug.cgi?id=118798
Reviewed by Sam Weinig.
Previously the DFG was assuming that NewFunction always returns a function. That's not
the case. It may return whatever was passed to it, if it wasn't passed SpecEmpty.
This fact needed to be wired through the compiler.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::makeTop):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2013-07-18 Lucas Forschler <lforschler@apple.com>
Merge r152807
2013-07-17 Geoffrey Garen <ggaren@apple.com>
JSStringCreateWithCFString should not convert the empty string into the NULL string
https://bugs.webkit.org/show_bug.cgi?id=118816
Reviewed by Sam Weinig.
* API/JSStringRef.cpp:
(JSStringCreateWithUTF8CString): Removed an extraneous comment, which
a previous version of the patch made incorrect.
* API/JSStringRefCF.cpp:
(JSStringCreateWithCFString): Don't convert the empty string into the
null string.
2013-07-17 Lucas Forschler <lforschler@apple.com>
Rollout r152600
2013-07-17 Lucas Forschler <lforschler@apple.com>
Merge r152600
2013-07-12 Brent Fulgham <bfulgham@apple.com>
[Windows] Build correction after r152573/r152577.
https://bugs.webkit.org/show_bug.cgi?id=118610
Reviewed by Oliver Hunt.
* jit/JITThunks.cpp:
(JSC::JITThunks::hostFunctionStub): Hand-feed MSVC++ the fact that we want the second
argument of the make_pair to be a function pointer.
2013-07-17 Lucas Forschler <lforschler@apple.com>
Merge r152742
2013-07-16 Filip Pizlo <fpizlo@apple.com>
MakeRope fixup shouldn't lead to an Identity without kids
https://bugs.webkit.org/show_bug.cgi?id=118745
Reviewed by Mark Hahnenberg.
Make the empty string pruning part of fixupMakeRope() stop if it's on the last child.
Make Node::convertToIdentity release-assert that it has exactly one kid.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupMakeRope):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToIdentity):
2013-07-15 Lucas Forschler <lforschler@apple.com>
Merge r152613
2013-07-13 Commit Queue <commit-queue@webkit.org>
Unreviewed, rolling out r151978.
http://trac.webkit.org/changeset/151978
https://bugs.webkit.org/show_bug.cgi?id=118651
Caused regressions on at least 3 websites (Requested by rniwa on
#webkit).
* runtime/JSCJSValue.h:
* runtime/JSString.h:
2013-07-15 Lucas Forschler <lforschler@apple.com>
Merge r152577
2013-07-11 Oliver Hunt <oliver@apple.com>
Attempt to fix the windows build.
* jit/JITThunks.cpp:
(JSC::JITThunks::hostFunctionStub):
* jit/JITThunks.h:
2013-07-15 Lucas Forschler <lforschler@apple.com>
Merge r152573
2013-07-10 Oliver Hunt <oliver@apple.com>
NativeExecutable cache needs to use both call and construct functions for key
https://bugs.webkit.org/show_bug.cgi?id=118545
Reviewed by Geoffrey Garen.
Make the native executable cache make use of a key pair so we don't decide to
treat all subsequent functions as not being constructors.
* jit/JITThunks.cpp:
(JSC::JITThunks::hostFunctionStub):
* jit/JITThunks.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::create):
* runtime/JSCell.cpp:
(JSC::JSCell::getCallData):
(JSC::JSCell::getConstructData):
2013-07-09 Lucas Forschler <lforschler@apple.com>
Merge r152497
2013-07-09 Mark Lam <mark.lam@apple.com>
Gardening to unbreak builds on the Windows bot.
Not reviewed.
* parser/ParserTokens.h:
2013-07-09 Lucas Forschler <lforschler@apple.com>
Merge r152494
2013-07-09 Mark Lam <mark.lam@apple.com>
Fix 30% JSBench regression (caused by adding column numbers to stack traces).
https://bugs.webkit.org/show_bug.cgi?id=118481.
Reviewed by Mark Hahnenberg and Geoffrey Garen.
Previously, we already capture ExpressionRangeInfo that provides a divot for
each bytecode that can potentially throw an exception (and therefore generate
a stack trace). On first attempt to compute column numbers, we then do a walk
of the source string to record all line start positions in a table associated
with the SourceProvider. The column number can then be computed as
divot - lineStartFor(bytecodeOffset).
The computation of this lineStarts table is the source of the 30% JSBench
performance regression.
The new code now records lineStarts as the lexer and parser scan the source
code. These lineStarts are then used to compute the column number for the
given divot, and stored in the ExpressionRangeInfo. Similarly, we also capture
the line number at the divot point and store that in the ExpressionRangeInfo.
Hence, to look up line and column numbers, we now lookup the ExpressionRangeInfo
for the bytecodeOffset, and then compute the line and column from the values
stored in the expression info.
The strategy:
1. We want to minimize perturbations to the lexer and parser. Specifically,
the changes added should not change how it scans code and generates bytecode.
2. We regard the divot as the source character position we are interested
in. As such, we'll capture line and lineStart (for column) at the point
when we capture the divot information. This ensures that the 3 values are
consistent.
How the change is done:
1. Change the lexer to track lineStarts.
2. Change the parser to capture line and lineStarts at the point of capturing
divots.
3. Change the parser and associated code to plumb these values all the way to
the point that the corresponding ExpressionRangeInfo is emitted.
4. Propagate and record SourceCode firstLine and firstLineColumnOffset to
the necessary places so that we can add them as needed when reifying
UnlinkedCodeBlocks into CodeBlocks.
5. Compress the line and column number values in the ExpressionRangeInfo. In
practice, we seldom have both large line and column numbers. Hence, we can
encode both in an uint32_t most of the time. For the times when we encounter
both large line and column numbers, we have a fallback to store the "fat"
position info.
6. Emit an ExpressionRangeInfo for UnaryOp nodes to get more line and column
number coverage.
7. Change the interpreter to use the new way of computing line and column.
8. Delete old line and column computation code that is now unused.
Misc details:
- the old lexer was tracking both a startOffset and charPosition where
charPosition equals startOffset - SourceCode.startOffset. We now use
startOffset exclusively throughout the system for consistency.
All offset values (including lineStart) are relative to the start of the
SourceProvider string. These values will only be converted to be relative
to the SourceCode.startOffset at the very last minute i.e. when the divot
is stored into the ExpressionRangeInfo.
This change to use the same offset system everywhere reduces confusion
from having to convert back and forth between the 2 systems. It also
enables a lot of assertions to be used.
- Also fixed some bugs in the choice of divot positions to use. For example,
both Eval and Function expressions previously used column numbers from
the start of the expression but used the line number at the end of the
expression. This is now fixed to use either the start or end positions
as appropriate, but not a mix of line and columns from both.
- Why use ints instead of unsigneds for offsets and lineStarts inside the
lexer and parser?
Some tests (e.g. fast/js/call-base-resolution.html and
fast/js/eval-cross-window.html) have shown that lineStart offsets can be
prior to the SourceCode.startOffset. Keeping the lexer offsets as ints
simplifies computations and makes it easier to maintain the assertions
that (startOffset >= lineStartOffset).
However, column and line numbers are always unsigned when we publish
them to the ExpressionRangeInfo. The ints are only used inside the
lexer and parser ... well, and bytecode generator.
- For all cases, lineStart is always captured where the divot is captured.
However, some sputnik conformance tests have shown that we cannot honor
line breaks for assignment statements like the following:
eval("x\u000A*=\u000A-1;");
In this case, the lineStart is expected to be captured at the start of
the assignment expression instead of at the divot point in the middle.
The assignment expression is the only special case for this.
This patch has been tested against the full layout tests both with release
and debug builds with no regression.
* API/JSContextRef.cpp:
(JSContextCreateBacktrace):
- Updated to use the new StackFrame::computeLineAndColumn().
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
- Added m_firstLineColumnOffset initialization.
- Plumbed the firstLineColumnOffset into the SourceCode.
- Initialized column for op_debug using the new way.
(JSC::CodeBlock::lineNumberForBytecodeOffset):
- Changed to compute line number using the ExpressionRangeInfo.
(JSC::CodeBlock::columnNumberForBytecodeOffset): Added
- Changed to compute column number using the ExpressionRangeInfo.
(JSC::CodeBlock::expressionRangeForBytecodeOffset):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::firstLineColumnOffset):
(JSC::GlobalCodeBlock::GlobalCodeBlock):
- Plumbed firstLineColumnOffset through to the super class.
(JSC::ProgramCodeBlock::ProgramCodeBlock):
- Plumbed firstLineColumnOffset through to the super class.
(JSC::EvalCodeBlock::EvalCodeBlock):
- Plumbed firstLineColumnOffset through to the super class.
But for EvalCodeBlocks, the firstLineColumnOffset is always 1
because we're starting with a new source string with no start
offset.
(JSC::FunctionCodeBlock::FunctionCodeBlock):
- Plumbed firstLineColumnOffset through to the super class.
* bytecode/ExpressionRangeInfo.h:
- Added modes for encoding line and column into a single 30-bit
unsigned. The encoding is in 1 of 3 modes:
1. FatLineMode: 22-bit line, 8-bit column
2. FatColumnMode: 8-bit line, 22-bit column
3. FatLineAndColumnMode: 32-bit line, 32-bit column
(JSC::ExpressionRangeInfo::encodeFatLineMode): Added.
- Encodes line and column into the 30-bit position using FatLine mode.
(JSC::ExpressionRangeInfo::encodeFatColumnMode): Added.
- Encodes line and column into the 30-bit position using FatColumn mode.
(JSC::ExpressionRangeInfo::decodeFatLineMode): Added.
- Decodes the FatLine mode 30-bit position into line and column.
(JSC::ExpressionRangeInfo::decodeFatColumnMode): Added.
- Decodes the FatColumn mode 30-bit position into line and column.
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
- Plumbed startColumn through.
(JSC::UnlinkedFunctionExecutable::link):
- Plumbed startColumn through.
(JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
- Computes a line number using the new way.
(JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
- Added decoding of line and column.
- Added handling of the case when we do not find a fitting expression
range info for a specified bytecodeOffset. This only happens if the
bytecodeOffset is below the first expression range info. In that
case, we'll use the first expression range info entry.
(JSC::UnlinkedCodeBlock::addExpressionInfo):
- Added encoding of line and column.
* bytecode/UnlinkedCodeBlock.h:
- Added m_expressionInfoFatPositions in RareData.
(JSC::UnlinkedFunctionExecutable::functionStartColumn):
(JSC::UnlinkedCodeBlock::shrinkToFit):
- Removed obsoleted m_lineInfo.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCall): Plumbed line and lineStart through.
(JSC::BytecodeGenerator::emitCallEval): Plumbed line and lineStart through.
(JSC::BytecodeGenerator::emitCallVarargs): Plumbed line and lineStart through.
(JSC::BytecodeGenerator::emitConstruct): Plumbed line and lineStart through.
(JSC::BytecodeGenerator::emitDebugHook): Plumbed lineStart through.
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitNode):
(JSC::BytecodeGenerator::emitNodeInConditionContext):
- Removed obsoleted m_lineInfo.
(JSC::BytecodeGenerator::emitExpressionInfo):
- Plumbed line and lineStart through.
- Compute the line and column to be added to the expression range info.
* bytecompiler/NodesCodegen.cpp:
(JSC::ThrowableExpressionData::emitThrowReferenceError):
(JSC::ResolveNode::emitBytecode):
(JSC::ArrayNode::toArgumentList):
(JSC::BracketAccessorNode::emitBytecode):
(JSC::DotAccessorNode::emitBytecode):
(JSC::NewExprNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallValueNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::FunctionCallBracketNode::emitBytecode):
(JSC::FunctionCallDotNode::emitBytecode):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::PostfixNode::emitBracket):
(JSC::PostfixNode::emitDot):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::DeleteBracketNode::emitBytecode):
(JSC::DeleteDotNode::emitBytecode):
(JSC::PrefixNode::emitResolve):
(JSC::PrefixNode::emitBracket):
(JSC::PrefixNode::emitDot):
- Plumbed line and lineStart through the above as needed.
(JSC::UnaryOpNode::emitBytecode):
- Added emission of an ExpressionRangeInfo for the UnaryOp node.
(JSC::BinaryOpNode::emitStrcat):
(JSC::ThrowableBinaryOpNode::emitBytecode):
(JSC::InstanceOfNode::emitBytecode):
(JSC::emitReadModifyAssignment):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::AssignDotNode::emitBytecode):
(JSC::ReadModifyDotNode::emitBytecode):
(JSC::AssignBracketNode::emitBytecode):
(JSC::ReadModifyBracketNode::emitBytecode):
- Plumbed line and lineStart through the above as needed.
(JSC::ConstStatementNode::emitBytecode):
(JSC::EmptyStatementNode::emitBytecode):
(JSC::DebuggerStatementNode::emitBytecode):
(JSC::ExprStatementNode::emitBytecode):
(JSC::VarStatementNode::emitBytecode):
(JSC::IfElseNode::emitBytecode):
(JSC::DoWhileNode::emitBytecode):
(JSC::WhileNode::emitBytecode):
(JSC::ForNode::emitBytecode):
(JSC::ForInNode::emitBytecode):
(JSC::ContinueNode::emitBytecode):
(JSC::BreakNode::emitBytecode):
(JSC::ReturnNode::emitBytecode):
(JSC::WithNode::emitBytecode):
(JSC::SwitchNode::emitBytecode):
(JSC::LabelNode::emitBytecode):
(JSC::ThrowNode::emitBytecode):
(JSC::TryNode::emitBytecode):
(JSC::ProgramNode::emitBytecode):
(JSC::EvalNode::emitBytecode):
(JSC::FunctionBodyNode::emitBytecode):
- Plumbed line and lineStart through the above as needed.
* interpreter/Interpreter.cpp:
(JSC::appendSourceToError):
- Added line and column arguments for expressionRangeForBytecodeOffset().
(JSC::StackFrame::computeLineAndColumn):
- Replaces StackFrame::line() and StackFrame::column().
(JSC::StackFrame::expressionInfo):
- Added line and column arguments.
(JSC::StackFrame::toString):
- Changed to use the new StackFrame::computeLineAndColumn().
(JSC::Interpreter::getStackTrace):
- Added the needed firstLineColumnOffset arg for the StackFrame.
* interpreter/Interpreter.h:
* parser/ASTBuilder.h:
(JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo):
(JSC::ASTBuilder::AssignmentInfo::AssignmentInfo):
(JSC::ASTBuilder::createResolve):
(JSC::ASTBuilder::createBracketAccess):
(JSC::ASTBuilder::createDotAccess):
(JSC::ASTBuilder::createRegExp):
(JSC::ASTBuilder::createNewExpr):
(JSC::ASTBuilder::createAssignResolve):
(JSC::ASTBuilder::createFunctionExpr):
(JSC::ASTBuilder::createFunctionBody):
(JSC::ASTBuilder::createGetterOrSetterProperty):
(JSC::ASTBuilder::createFuncDeclStatement):
(JSC::ASTBuilder::createBlockStatement):
(JSC::ASTBuilder::createExprStatement):
(JSC::ASTBuilder::createIfStatement):
(JSC::ASTBuilder::createForLoop):
(JSC::ASTBuilder::createForInLoop):
(JSC::ASTBuilder::createVarStatement):
(JSC::ASTBuilder::createReturnStatement):
(JSC::ASTBuilder::createBreakStatement):
(JSC::ASTBuilder::createContinueStatement):
(JSC::ASTBuilder::createTryStatement):
(JSC::ASTBuilder::createSwitchStatement):
(JSC::ASTBuilder::createWhileStatement):
(JSC::ASTBuilder::createDoWhileStatement):
(JSC::ASTBuilder::createLabelStatement):
(JSC::ASTBuilder::createWithStatement):
(JSC::ASTBuilder::createThrowStatement):
(JSC::ASTBuilder::createDebugger):
(JSC::ASTBuilder::createConstStatement):
(JSC::ASTBuilder::appendBinaryExpressionInfo):
(JSC::ASTBuilder::appendUnaryToken):
(JSC::ASTBuilder::unaryTokenStackLastStart):
(JSC::ASTBuilder::unaryTokenStackLastLineStartPosition): Added.
(JSC::ASTBuilder::assignmentStackAppend):
(JSC::ASTBuilder::createAssignment):
(JSC::ASTBuilder::setExceptionLocation):
(JSC::ASTBuilder::makeDeleteNode):
(JSC::ASTBuilder::makeFunctionCallNode):
(JSC::ASTBuilder::makeBinaryNode):
(JSC::ASTBuilder::makeAssignNode):
(JSC::ASTBuilder::makePrefixNode):
(JSC::ASTBuilder::makePostfixNode):.
- Plumbed line, lineStart, and startColumn through the above as needed.
* parser/Lexer.cpp:
(JSC::::currentSourcePtr):
(JSC::::setCode):
- Added tracking for sourceoffset and lineStart.
(JSC::::internalShift):
(JSC::::parseIdentifier):
- Added tracking for lineStart.
(JSC::::parseIdentifierSlowCase):
(JSC::::parseString):
- Added tracking for lineStart.
(JSC::::parseStringSlowCase):
(JSC::::lex):
- Added tracking for sourceoffset.
(JSC::::sourceCode):
* parser/Lexer.h:
(JSC::Lexer::currentOffset):
(JSC::Lexer::currentLineStartOffset):
(JSC::Lexer::setOffset):
- Added tracking for lineStart.
(JSC::Lexer::offsetFromSourcePtr): Added. conversion function.
(JSC::Lexer::sourcePtrFromOffset): Added. conversion function.
(JSC::Lexer::setOffsetFromSourcePtr):
(JSC::::lexExpectIdentifier):
- Added tracking for sourceoffset and lineStart.
* parser/NodeConstructors.h:
(JSC::Node::Node):
(JSC::ResolveNode::ResolveNode):
(JSC::EvalFunctionCallNode::EvalFunctionCallNode):
(JSC::FunctionCallValueNode::FunctionCallValueNode):
(JSC::FunctionCallResolveNode::FunctionCallResolveNode):
(JSC::FunctionCallBracketNode::FunctionCallBracketNode):
(JSC::FunctionCallDotNode::FunctionCallDotNode):
(JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
(JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
(JSC::PostfixNode::PostfixNode):
(JSC::DeleteResolveNode::DeleteResolveNode):
(JSC::DeleteBracketNode::DeleteBracketNode):
(JSC::DeleteDotNode::DeleteDotNode):
(JSC::PrefixNode::PrefixNode):
(JSC::ReadModifyResolveNode::ReadModifyResolveNode):
(JSC::ReadModifyBracketNode::ReadModifyBracketNode):
(JSC::AssignBracketNode::AssignBracketNode):
(JSC::AssignDotNode::AssignDotNode):
(JSC::ReadModifyDotNode::ReadModifyDotNode):
(JSC::AssignErrorNode::AssignErrorNode):
(JSC::WithNode::WithNode):
(JSC::ForInNode::ForInNode):
- Plumbed line and lineStart through the above as needed.
* parser/Nodes.cpp:
(JSC::StatementNode::setLoc): Plumbed lineStart.
(JSC::ScopeNode::ScopeNode): Plumbed lineStart.
(JSC::ProgramNode::ProgramNode): Plumbed startColumn.
(JSC::ProgramNode::create): Plumbed startColumn.
(JSC::EvalNode::create):
(JSC::FunctionBodyNode::FunctionBodyNode): Plumbed startColumn.
(JSC::FunctionBodyNode::create): Plumbed startColumn.
* parser/Nodes.h:
(JSC::Node::startOffset):
(JSC::Node::lineStartOffset): Added.
(JSC::StatementNode::firstLine):
(JSC::StatementNode::lastLine):
(JSC::ThrowableExpressionData::ThrowableExpressionData):
(JSC::ThrowableExpressionData::setExceptionSourceCode):
(JSC::ThrowableExpressionData::divotStartOffset):
(JSC::ThrowableExpressionData::divotEndOffset):
(JSC::ThrowableExpressionData::divotLine):
(JSC::ThrowableExpressionData::divotLineStart):
(JSC::ThrowableSubExpressionData::ThrowableSubExpressionData):
(JSC::ThrowableSubExpressionData::setSubexpressionInfo):
(JSC::ThrowableSubExpressionData::subexpressionDivot):
(JSC::ThrowableSubExpressionData::subexpressionStartOffset):
(JSC::ThrowableSubExpressionData::subexpressionEndOffset):
(JSC::ThrowableSubExpressionData::subexpressionLine):
(JSC::ThrowableSubExpressionData::subexpressionLineStart):
(JSC::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData):
(JSC::ThrowablePrefixedSubExpressionData::setSubexpressionInfo):
(JSC::ThrowablePrefixedSubExpressionData::subexpressionDivot):
(JSC::ThrowablePrefixedSubExpressionData::subexpressionStartOffset):
(JSC::ThrowablePrefixedSubExpressionData::subexpressionEndOffset):
(JSC::ThrowablePrefixedSubExpressionData::subexpressionLine):
(JSC::ThrowablePrefixedSubExpressionData::subexpressionLineStart):
(JSC::ScopeNode::startStartOffset):
(JSC::ScopeNode::startLineStartOffset):
(JSC::ProgramNode::startColumn):
(JSC::EvalNode::startColumn):
(JSC::FunctionBodyNode::startColumn):
- Plumbed line and lineStart through the above as needed.
* parser/Parser.cpp:
(JSC::::Parser):
(JSC::::parseSourceElements):
(JSC::::parseVarDeclarationList):
(JSC::::parseConstDeclarationList):
(JSC::::parseForStatement):
(JSC::::parseBreakStatement):
(JSC::::parseContinueStatement):
(JSC::::parseReturnStatement):
(JSC::::parseThrowStatement):
(JSC::::parseWithStatement):
- Plumbed line and lineStart through the above as needed.
(JSC::::parseFunctionBody):
- Plumbed startColumn.
(JSC::::parseFunctionInfo):
(JSC::::parseFunctionDeclaration):
(JSC::LabelInfo::LabelInfo):
(JSC::::parseExpressionOrLabelStatement):
(JSC::::parseAssignmentExpression):
(JSC::::parseBinaryExpression):
(JSC::::parseProperty):
(JSC::::parseObjectLiteral):
(JSC::::parsePrimaryExpression):
(JSC::::parseMemberExpression):
(JSC::::parseUnaryExpression):
- Plumbed line, lineStart, startColumn through the above as needed.
* parser/Parser.h:
(JSC::Parser::next):
(JSC::Parser::nextExpectIdentifier):
(JSC::Parser::tokenStart):
(JSC::Parser::tokenColumn):
(JSC::Parser::tokenEnd):
(JSC::Parser::tokenLineStart):
(JSC::Parser::lastTokenLine):
(JSC::Parser::lastTokenLineStart):
(JSC::::parse):
* parser/ParserTokens.h:
(JSC::JSTokenLocation::JSTokenLocation):
- Plumbed lineStart.
(JSC::JSTokenLocation::lineStartPosition):
(JSC::JSTokenLocation::startPosition):
(JSC::JSTokenLocation::endPosition):
* parser/SourceCode.h:
(JSC::SourceCode::SourceCode):
(JSC::SourceCode::startColumn):
(JSC::makeSource):
(JSC::SourceCode::subExpression):
* parser/SourceProvider.cpp: delete old code.
* parser/SourceProvider.h: delete old code.
* parser/SourceProviderCacheItem.h:
(JSC::SourceProviderCacheItem::closeBraceToken):
(JSC::SourceProviderCacheItem::SourceProviderCacheItem):
- Plumbed lineStart.
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::makeFunctionCallNode):
(JSC::SyntaxChecker::makeAssignNode):
(JSC::SyntaxChecker::makePrefixNode):
(JSC::SyntaxChecker::makePostfixNode):
(JSC::SyntaxChecker::makeDeleteNode):
(JSC::SyntaxChecker::createResolve):
(JSC::SyntaxChecker::createBracketAccess):
(JSC::SyntaxChecker::createDotAccess):
(JSC::SyntaxChecker::createRegExp):
(JSC::SyntaxChecker::createNewExpr):
(JSC::SyntaxChecker::createAssignResolve):
(JSC::SyntaxChecker::createFunctionExpr):
(JSC::SyntaxChecker::createFunctionBody):
(JSC::SyntaxChecker::createFuncDeclStatement):
(JSC::SyntaxChecker::createForInLoop):
(JSC::SyntaxChecker::createReturnStatement):
(JSC::SyntaxChecker::createBreakStatement):
(JSC::SyntaxChecker::createContinueStatement):
(JSC::SyntaxChecker::createWithStatement):
(JSC::SyntaxChecker::createLabelStatement):
(JSC::SyntaxChecker::createThrowStatement):
(JSC::SyntaxChecker::createGetterOrSetterProperty):
(JSC::SyntaxChecker::appendBinaryExpressionInfo):
(JSC::SyntaxChecker::operatorStackPop):
- Made SyntaxChecker prototype changes to match ASTBuilder due to new
args added for plumbing line, lineStart, and startColumn.
* runtime/CodeCache.cpp:
(JSC::CodeCache::generateBytecode):
(JSC::CodeCache::getCodeBlock):
- Plumbed startColumn.
* runtime/Executable.cpp:
(JSC::FunctionExecutable::FunctionExecutable):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::produceCodeBlockFor):
(JSC::FunctionExecutable::fromGlobalCode):
- Plumbed startColumn.
* runtime/Executable.h:
(JSC::ScriptExecutable::startColumn):
(JSC::ScriptExecutable::recordParse):
(JSC::FunctionExecutable::create):
- Plumbed startColumn.
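Added example (not WebKit code) for the bytecode/ExpressionRangeInfo.h entry above: a compact line/column encoder with the three modes listed there and a bounds-checked decoder. The names PositionTable, RangeInfo and roundTrip, the mode tag values, and the choice to put the line in the high bits of the 30-bit field are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed tag values; the page names the modes but not their numbering.
enum Mode { FatLineMode = 0, FatColumnMode = 1, FatLineAndColumnMode = 2 };

// Assumed layout: 2-bit mode tag plus the 30-bit position from the page.
struct RangeInfo {
    uint32_t mode : 2;
    uint32_t position : 30;
};

struct FatPosition { uint32_t line; uint32_t column; };

constexpr uint32_t kWideBits = 22;                        // 22-bit field
constexpr uint32_t kNarrowBits = 8;                       // 8-bit field
constexpr uint32_t kWideMax = (1u << kWideBits) - 1;      // 4194303
constexpr uint32_t kNarrowMax = (1u << kNarrowBits) - 1;  // 255
constexpr uint32_t kPositionMax = (1u << 30) - 1;

class PositionTable {
public:
    // Picks the narrowest mode that holds both values without truncation.
    bool encode(uint32_t line, uint32_t column, RangeInfo& out) {
        if (line <= kWideMax && column <= kNarrowMax) {
            out.mode = FatLineMode;
            out.position = (line << kNarrowBits) | column;
        } else if (line <= kNarrowMax && column <= kWideMax) {
            out.mode = FatColumnMode;
            out.position = (line << kWideBits) | column;
        } else {
            // Both values are large: store them out of line and keep only
            // the index of the "fat" entry in the 30-bit field.
            if (m_fat.size() > kPositionMax)
                return false;  // index would not fit in 30 bits
            out.mode = FatLineAndColumnMode;
            out.position = static_cast<uint32_t>(m_fat.size());
            m_fat.push_back({line, column});
        }
        return true;
    }

    // Rejects unknown mode tags and out-of-range fat indices instead of
    // reading past the side table.
    bool decode(RangeInfo info, uint32_t& line, uint32_t& column) const {
        switch (info.mode) {
        case FatLineMode:
            line = info.position >> kNarrowBits;
            column = info.position & kNarrowMax;
            return true;
        case FatColumnMode:
            line = info.position >> kWideBits;
            column = info.position & kWideMax;
            return true;
        case FatLineAndColumnMode:
            if (info.position >= m_fat.size())
                return false;
            line = m_fat[info.position].line;
            column = m_fat[info.position].column;
            return true;
        default:
            return false;
        }
    }

    size_t fatCount() const { return m_fat.size(); }

private:
    std::vector<FatPosition> m_fat;
};

// Encodes then decodes; returns the mode used, or -1 if the pair was not
// reproduced exactly.
int roundTrip(PositionTable& table, uint32_t line, uint32_t column) {
    RangeInfo info{};
    uint32_t l = 0, c = 0;
    if (!table.encode(line, column, info) || !table.decode(info, l, c))
        return -1;
    return (l == line && c == column) ? static_cast<int>(info.mode) : -1;
}

// Decoding a record whose fat index or mode tag was never produced by encode().
bool decodeRejects(const PositionTable& table, uint32_t mode, uint32_t position) {
    RangeInfo info{};
    info.mode = mode;
    info.position = position;
    uint32_t l = 0, c = 0;
    return !table.decode(info, l, c);
}

int main() {
    PositionTable table;
    // Constructed sample positions.
    std::printf("%d\n", roundTrip(table, 1000, 40));
    std::printf("%d\n", roundTrip(table, 3, 100000));
    std::printf("%d\n", roundTrip(table, 5000000, 5000000));
    return 0;
}
```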
2013-07-08 Lucas Forschler <lforschler@apple.com>
Merge r152052
2013-06-26 Anders Carlsson <andersca@apple.com>
Add JSStringCreateWithCharactersNoCopy SPI
https://bugs.webkit.org/show_bug.cgi?id=118074
<rdar://problem/14279905>
Reviewed by Geoffrey Garen.
* API/JSStringRef.cpp:
(JSStringCreateWithCharactersNoCopy):
Create a new OpaqueJSString, using the newly added StringImpl::createWithoutCopying function.
* API/JSStringRefPrivate.h: Added.
Add a home for the JSStringCreateWithCharactersNoCopy function.
* API/OpaqueJSString.h:
(OpaqueJSString::OpaqueJSString):
Just call isolatedCopy on the passed in string.
* API/tests/testapi.c:
Add an API test for JSStringCreateWithCharactersNoCopy.
* JavaScriptCore.xcodeproj/project.pbxproj:
Add new files.
2013-07-08 Lucas Forschler <lforschler@apple.com>
Merge r152314
2013-07-02 Mark Hahnenberg <mhahnenberg@apple.com>
Replace RELEASE_ASSERT with ASSERT in CodeBlock::bytecodeOffsetForCallAtIndex
https://bugs.webkit.org/show_bug.cgi?id=118316
Reviewed by Geoffrey Garen.
This is causing some crashiness in release builds. We should replace it with an ASSERT
until we track down all the places that need fixing in bug 118315.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
2013-07-01 Lucas Forschler <lforschler@apple.com>
Merge r152091
2013-06-27 Timothy Hatcher <timothy@apple.com>
Notify the debugger about functions created from source code via new Function() or WebCore::JSLazyEventListener.
https://bugs.webkit.org/show_bug.cgi?id=118063
Reviewed by Geoffrey Garen.
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedFunctionExecutable::fromGlobalCode): Call Debugger::sourceParsed.
2013-07-01 Lucas Forschler <lforschler@apple.com>
Merge r151978
2013-06-25 Ryosuke Niwa <rniwa@webkit.org>
JSString should remember AtomicString
https://bugs.webkit.org/show_bug.cgi?id=117386
Reviewed by Geoffrey Garen.
Added JSValue::toAtomicString and JSString::atomicString. These two functions allow WebCore to update
JSString's m_value to set isAtomic flag and avoid the AtomicStringTable lookups in subsequent attempts
to obtain the AtomicString of the same value.
* runtime/JSCJSValue.h:
* runtime/JSString.h:
(JSC::JSString::atomicString):
(JSC::JSValue::toAtomicString):
2013-06-25 Lucas Forschler <lforschler@apple.com>
Merge r151786
2013-06-20 Mark Hahnenberg <mhahnenberg@apple.com>
Improper deallocation of JSManagedValue causes crashes during autorelease pool draining
https://bugs.webkit.org/show_bug.cgi?id=117840
Reviewed by Geoffrey Garen.
Improperly managing a JSManagedValue can cause a crash when the JSC::Weak inside the
JSManagedValue is destroyed upon deallocation. We would rather have improperly maintained
JSManagedValues cause memory leaks than take down the whole app.
The fix is to use the callback to the JSC::Weak on the destruction of the VM so that we
can safely null it out. This will prevent ~Weak from crashing.
* API/JSManagedValue.mm:
(-[JSManagedValue JSC::JSC::]):
(JSManagedValueHandleOwner::finalize):
* API/tests/testapi.mm: Added a test that crashed prior to this fix due to a leaked
managed reference. Also fixed a small style nit I noticed in another test.
2013-06-25 Lucas Forschler <lforschler@apple.com>
Merge r151923
2013-06-24 Roger Fong <roger_fong@apple.com>
Unreviewed. Makefile build fix for AppleWindows.
* JavaScriptCore.vcxproj/JavaScriptCore.make:
2013-06-21 Lucas Forschler <lforschler@apple.com>
Merge r151787
2013-06-20 Roger Fong <roger_fong@apple.com>
Make Windows makefile copy build output to a different folder.
<rdar://problem/14219184>.
* JavaScriptCore.vcxproj/JavaScriptCore.make:
2013-06-18 Roger Fong <roger_fong@apple.com>
Disable some feature flags.
<rdar://problem/14171207>.
Rubberstamped by Jon Lee.
* Configurations/FeatureDefines.xcconfig:
2013-06-18 Oliver Hunt <oliver@apple.com>
Going to google.com/trends causes a crash
https://bugs.webkit.org/show_bug.cgi?id=117602
Reviewed by Geoffrey Garen.
When handling op_throw, etc we need to flush the variables and arguments
for the entire inline stack, not just the top frame.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::flushAllArgumentsAndCapturedVariablesInInlineStack):
(JSC::DFG::ByteCodeParser::parseBlock):
2013-06-18 Roger Fong <roger_fong@apple.com>
Replace tools32 folder with tools and update WebKit Windows solution accordingly.
<rdar://problem/14118143>.
Rubberstamped by Brent Fulgham.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
* JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
* JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
* JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
* JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
* JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
* JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
* JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
* JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
* JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
* JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
* JavaScriptCore.vcxproj/jsc/jscDebug.props:
* JavaScriptCore.vcxproj/jsc/jscProduction.props:
* JavaScriptCore.vcxproj/jsc/jscRelease.props:
* JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
* JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
* JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
* JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
* JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
* JavaScriptCore.vcxproj/testapi/testapiDebug.props:
* JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
* JavaScriptCore.vcxproj/testapi/testapiProduction.props:
* JavaScriptCore.vcxproj/testapi/testapiRelease.props:
* JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:
2013-06-17 Roger Fong <roger_fong@apple.com>
Modify Windows makefiles to copy some bin output into Program Files.
https://bugs.webkit.org/show_bug.cgi?id=117714.
<rdar://problem/14179054>
Reviewed by Brent Fulgham.
* JavaScriptCore.vcxproj/JavaScriptCore.make:
2013-06-14 Ryosuke Niwa <rniwa@webkit.org>
Function names on Object.prototype should be common identifiers
https://bugs.webkit.org/show_bug.cgi?id=117614
Reviewed by Darin Adler.
Patch written by Sam Weinig. Make Object's prototype function names common identifiers since they're used frequently.
* runtime/CommonIdentifiers.h:
* runtime/FunctionConstructor.cpp:
(JSC::constructFunction):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* runtime/JSObject.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::finishCreation):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
2013-06-13 Ryosuke Niwa <rniwa@webkit.org>
Remove LiteralIdentifierTable
https://bugs.webkit.org/show_bug.cgi?id=117613
Reviewed by Geoffrey Garen.
Removed LiteralIdentifierTable since it doesn't seem to have any perf. impact now.
* runtime/Identifier.cpp:
(JSC::Identifier::add):
2013-06-12 Conrad Shultz <conrad_shultz@apple.com>
JSExport header documentation substitutes "semicolon" for "colon"
https://bugs.webkit.org/show_bug.cgi?id=117552
Reviewed by Mark Hahnenberg.
* API/JSExport.h:
Fix a couple typos.
2013-06-10 Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com>
[JSC] Remove a vestige of wxWidgets support.
https://bugs.webkit.org/show_bug.cgi?id=117419
Reviewed by Benjamin Poulain.
* runtime/JSExportMacros.h: Remove a check for BUILDING_WX__ that
seems to have gone unnoticed when the wxWidgets port was removed.
2013-06-06 Roger Fong <roger_fong@apple.com>
Stop copying AAS binaries into build folder.
https://bugs.webkit.org/show_bug.cgi?id=117319.
Rubberstamped by Darin Adler.
* JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
* JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
* JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
* JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
* JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
* JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
2013-06-05 Filip Pizlo <fpizlo@apple.com>
DFG CFA shouldn't filter ArrayModes with ALL_NON_ARRAY_ARRAY_MODES if the speculated type is not SpecArray
https://bugs.webkit.org/show_bug.cgi?id=117279
<rdar://problem/14078025>
Reviewed by Mark Hahnenberg.
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::filterArrayModesByType):
2013-06-05 Michael Saboff <msaboff@apple.com>
JSC: Crash beneath cti_op_div @ http://gmailblog.blogspot.com
https://bugs.webkit.org/show_bug.cgi?id=117280
Reviewed by Filip Pizlo.
Updated the merging of VariableAccessData nodes in ArgumentPosition lists
to find the unified VariableAccessData node that is the root of the
current node instead of using the current node directly when merging
attributes.
Added new dump code to dump the ArgumentPosition list.
* dfg/DFGArgumentPosition.h:
(JSC::DFG::ArgumentPosition::mergeArgumentPredictionAwareness):
(JSC::DFG::ArgumentPosition::mergeArgumentUnboxingAwareness):
(JSC::DFG::ArgumentPosition::dump):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
2013-06-05 Bear Travis <betravis@adobe.com>
[CSS Exclusions][CSS Shapes] Split CSS Exclusions & Shapes compile & runtime flags
https://bugs.webkit.org/show_bug.cgi?id=117172
Reviewed by Alexandru Chiculita.
Adding the CSS_SHAPES compile flag.
* Configurations/FeatureDefines.xcconfig:
2013-06-05 Balazs Kilvady <kilvadyb@homejinni.com>
JSC Assertion tests failures on MIPS.
https://bugs.webkit.org/show_bug.cgi?id=116552
Reviewed by Geoffrey Garen.
Fix condition handling in branchAdd32 implementations.
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::branchAdd32):
2013-06-04 Julien Brianceau <jbrianceau@nds.com>
[sh4] Add floating point absolute function support in baseline JIT.
https://bugs.webkit.org/show_bug.cgi?id=117147
Reviewed by Geoffrey Garen.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
(JSC::MacroAssemblerSH4::absDouble):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::dabs):
(JSC::SH4Assembler::printInstr):
2013-06-04 Zan Dobersek <zdobersek@igalia.com>
[JSC] Test262 15.5.4.9_3 test is failing
https://bugs.webkit.org/show_bug.cgi?id=116789
Reviewed by Geoffrey Garen.
Bring the String.prototype.localeCompare behavior in line with ES5 15.9.4.9.
If method is not given enough arguments, the minimal amount of arguments must be assumed, with their value being undefined.
The first argument to localeCompare, in its string form, is used as the 'that' string that's used in the comparison.
Therefore, when calling str.localeCompare() or str.localeCompare(undefined), the first argument is `undefined` and the
string "undefined" is used as the string to which value of str is compared.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncLocaleCompare): Remove the early return in case of no given arguments to achieve the desired behavior.
2013-06-03 Hojong Han <hojong.han@samsung.com>
[EFL] Implement GCActivityCallback
https://bugs.webkit.org/show_bug.cgi?id=95923
Reviewed by Geoffrey Garen.
Implements the activity triggered garbage collector.
Additional GCs can be triggered by platform timer.
It has sort of compaction effect not to make JSC heap grow fast
so that memory usage becomes lower than usual.
* PlatformEfl.cmake: Added.
* heap/HeapTimer.cpp:
(JSC):
(JSC::HeapTimer::HeapTimer):
(JSC::HeapTimer::~HeapTimer):
(JSC::HeapTimer::add):
(JSC::HeapTimer::stop):
(JSC::HeapTimer::timerEvent):
* heap/HeapTimer.h:
(HeapTimer):
* jsc.cpp:
(main):
* runtime/GCActivityCallback.cpp:
(JSC):
(JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
(JSC::DefaultGCActivityCallback::scheduleTimer):
(JSC::DefaultGCActivityCallback::cancelTimer):
(JSC::DefaultGCActivityCallback::didAllocate):
* runtime/GCActivityCallback.h:
(GCActivityCallback):
(JSC::GCActivityCallback::GCActivityCallback):
(DefaultGCActivityCallback):
2013-06-03 Roger Fong <roger_fong@apple.com>
Nuke VS2005 files from the tree.
<rdar://problem/14042021>.
Rubberstamped by Brent Fulgham.
* JavaScriptCore.vcproj: Removed.
* JavaScriptCore.vcproj/JavaScriptCore: Removed.
* JavaScriptCore.vcproj/JavaScriptCore.make: Removed.
* JavaScriptCore.vcproj/JavaScriptCore.resources: Removed.
* JavaScriptCore.vcproj/JavaScriptCore.resources/Info.plist: Removed.
* JavaScriptCore.vcproj/JavaScriptCore.sln: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCF.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePGOOptimize.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreLink.cmd: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed.
* JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed.
* JavaScriptCore.vcproj/LLIntAssembly: Removed.
* JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.make: Removed.
* JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj: Removed.
* JavaScriptCore.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Removed.
* JavaScriptCore.vcproj/LLIntDesiredOffsets: Removed.
* JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Removed.
* JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj: Removed.
* JavaScriptCore.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Removed.
* JavaScriptCore.vcproj/LLIntOffsetsExtractor: Removed.
* JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj: Removed.
* JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: Removed.
* JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.vsprops: Removed.
* JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugAll.vsprops: Removed.
* JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.vsprops: Removed.
* JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.vsprops: Removed.
* JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleaseCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleasePGO.vsprops: Removed.
* JavaScriptCore.vcproj/jsc: Removed.
* JavaScriptCore.vcproj/jsc/jsc.vcproj: Removed.
* JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Removed.
* JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Removed.
* JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Removed.
* JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/jsc/jscPostBuild.cmd: Removed.
* JavaScriptCore.vcproj/jsc/jscPreBuild.cmd: Removed.
* JavaScriptCore.vcproj/jsc/jscPreLink.cmd: Removed.
* JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Removed.
* JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Removed.
* JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Removed.
* JavaScriptCore.vcproj/testRegExp: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Removed.
* JavaScriptCore.vcproj/testapi: Removed.
* JavaScriptCore.vcproj/testapi/testapi.vcproj: Removed.
* JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Removed.
* JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Removed.
* JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Removed.
* JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Removed.
* JavaScriptCore.vcproj/testapi/testapiPostBuild.cmd: Removed.
* JavaScriptCore.vcproj/testapi/testapiPreBuild.cmd: Removed.
* JavaScriptCore.vcproj/testapi/testapiPreLink.cmd: Removed.
* JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Removed.
* JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Removed.
* JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Removed.
2013-05-31 Filip Pizlo <fpizlo@apple.com>
Incorrect assertion in DFG::Graph::uncheckedActivationRegisterFor()
<rdar://problem/13989324>
Rubber stamped by Mark Hahnenberg.
This has a bogus assertion that checks that the passed CodeOrigin doesn't have
an inline call frame. This was well intentioned in the sense that it is true
that inlined call frames wouldn't have an activation register. But that doesn't
mean that people won't ask. Removing the assertion fixes a debug-only crash and
has no impact on production code. This change adds a comment to that effect.
* dfg/DFGGraph.h:
(JSC::DFG::Graph::uncheckedActivationRegisterFor):
2013-05-31 Julien Brianceau <jbrianceau@nds.com>
[sh4] Fix Overflow case of branchMul32 in baseline JIT.
https://bugs.webkit.org/show_bug.cgi?id=117057
Reviewed by Oliver Hunt.
Current implementation of Overflow case in branchMul32 performs an
unsigned multiplication whereas a signed multiplication is expected.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::branchMul32):
2013-05-31 Julien Brianceau <jbrianceau@nds.com>
[sh4] Fix floating point comparisons in baseline JIT.
https://bugs.webkit.org/show_bug.cgi?id=117066.
Reviewed by Oliver Hunt.
Current implementation of branchDouble function in baseline JIT is wrong
for some conditions and overkill for others. For instance:
- With DoubleGreaterThanOrEqual condition, branch will be taken if either
operand is NaN with current implementation whereas it should not.
- With DoubleNotEqualOrUnordered condition, performed NaN checks are
useless (because comparison result is false if either operand is NaN).
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::branchDouble):
2013-05-31 Julien Brianceau <jbrianceau@nds.com>
[sh4] Fix double floating point transfer in baseline JIT.
https://bugs.webkit.org/show_bug.cgi?id=117054
Reviewed by Oliver Hunt.
In current implementation, dmovRegReg function transfers only one single
FPRegister as PR=1 and SZ=0 in floating point status/control register.
Double transfers must be performed with two fmov.s opcodes.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::moveDouble):
(JSC::MacroAssemblerSH4::addDouble): Handle (op2==dest) case properly.
(JSC::MacroAssemblerSH4::sqrtDouble):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::fmovsRegReg):
2013-05-31 Julien Brianceau <jbrianceau@nds.com>
[sh4] Handle branchType properly in branchTruncateDoubleToInt32.
https://bugs.webkit.org/show_bug.cgi?id=117062
Reviewed by Oliver Hunt.
Current implementation of branchTruncateDoubleToInt32 is incorrect
when branchType == BranchIfTruncateSuccessful in sh4 baseline JIT.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
2013-05-31 Brent Fulgham <bfulgham@apple.com>
[Windows] Unreviewed build fix for VS2005 builders.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Add
missing export for WTF::SHA1::computeHexDigest
2013-05-30 David Farler <dfarler@apple.com>
Fix jscore-test when not using --sdk option with jsDriver.pl
https://bugs.webkit.org/show_bug.cgi?id=116339
Reviewed by Joe Pecoraro.
* tests/mozilla/jsDriver.pl:
(execute_tests):
With each test, the shell_command needs to be started from scratch.
This fix will clear the shell_command and start over as before with
the opt_arch option when not using --sdk with jsDriver.pl.
2013-05-30 Roger Fong <roger_fong@apple.com>
Get rid of JavaScript exports file on AppleWin port.
https://bugs.webkit.org/show_bug.cgi?id=117050.
Reviewed by Darin Adler.
Delete the JavaScriptCoreExportGenerator folder and remove dependencies.
Start linking in WTF.lib now that it's a shared library.
* JavaScriptCore.vcxproj/JavaScriptCore.submit.sln:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Removed.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/make-export-file-generator: Removed.
* JavaScriptCore.vcxproj/jsc/jscCommon.props:
* JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
* JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
* JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
* JavaScriptCore.vcxproj/testapi/testapiCommon.props:
2013-05-22 David Farler <dfarler@apple.com>
Add --sdk option to jsDriver.pl to run with iOS Simulator
https://bugs.webkit.org/show_bug.cgi?id=116339
Reviewed by David Kilzer.
* tests/mozilla/jsDriver.pl:
(execute_tests):
Prefix shell command with the path to the "sim" tool.
(parse_args):
Add -d / --sdk option.
(usage):
Help message for -d / --sdk option.
2013-05-30 Julien Brianceau <jbrianceau@nds.com>
[sh4] Optimize NaN checks in LLINT for floating point comparisons.
https://bugs.webkit.org/show_bug.cgi?id=117049
Reviewed by Oliver Hunt.
Use the fcmp/eq opcode in sh4 LLINT to test if a double is NaN.
This is more efficient, doesn't require two tmp registers and requires
less code than current implementation (which converts double to float,
then checks 'E = Emax + 1' and 'f != 0').
* offlineasm/sh4.rb:
2013-05-30 Oliver Hunt <oliver@apple.com>
JSCallbackObject does not correctly initialise the PropertySlot for getOwnPropertyDescriptor
https://bugs.webkit.org/show_bug.cgi?id=117053
Reviewed by Mark Hahnenberg.
Set appropriate thisValue on the PropertySlot
* API/JSCallbackObjectFunctions.h:
(JSC::::getOwnPropertyDescriptor):
* API/tests/testapi.mm:
2013-05-29 Jeffrey Pfau <jpfau@apple.com>
[Mac] Enable cache partitioning and the public suffix list on 10.8
<rdar://problem/13679019>
Rubber-stamped by David Kilzer.
* Configurations/FeatureDefines.xcconfig:
2013-05-28 Brent Fulgham <bfulgham@apple.com>
[Windows] Put correct byteCompile symbol in file. Previous version
had an extra 'i' appended to the end.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
2013-05-28 Brent Fulgham <bfulgham@apple.com>
[Windows] Unreviewed build fix. Remove ?byteCompile symbol that
is no longer accessible during link.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
2013-05-28 Gavin Barraclough <barraclough@apple.com>
String(new Date(2010,10,1)) is wrong in KRAT, YAKT
https://bugs.webkit.org/show_bug.cgi?id=106750
Reviewed by Darin Adler.
* runtime/JSDateMath.cpp:
(JSC::msToGregorianDateTime):
- Additional review comment fix.
2013-05-28 Brent Fulgham <bfulgham@apple.com>
[Windows] Unreviewed build fix after r150833
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
A CR/LF combination was lost in the file, combining two symbols.
2013-05-27 Gavin Barraclough <barraclough@apple.com>
String(new Date(2010,10,1)) is wrong in KRAT, YAKT
https://bugs.webkit.org/show_bug.cgi?id=106750
Reviewed by Darin Adler.
First part of a fix, simplify date handling code, instead of operating separately
on the UTC-standard and standard-DST offsets, just generate a combined UTC-local
offset (this is what we actually need, and what the OS gives us).
* runtime/JSDateMath.cpp:
(JSC::getLocalTimeOffset):
- removed getUTCOffset, converted getDSTOffset -> getLocalTimeOffset
(JSC::gregorianDateTimeToMS):
(JSC::msToGregorianDateTime):
(JSC::parseDateFromNullTerminatedCharacters):
- call getLocalTimeOffset instead of getUTCOffset/getDSTOffset
* runtime/VM.cpp:
(JSC::VM::resetDateCache):
- removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache
* runtime/VM.h:
(JSC::LocalTimeOffsetCache::LocalTimeOffsetCache):
(JSC::LocalTimeOffsetCache::reset):
(LocalTimeOffsetCache):
- removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache
2013-05-28 Mark Hahnenberg <mhahnenberg@apple.com>
r150199 is very wrong
https://bugs.webkit.org/show_bug.cgi?id=116876
JSValue needs to protect its internal JSValueRef.
Reviewed by Darin Adler.
* API/JSValue.mm:
(-[JSValue initWithValue:inContext:]):
(-[JSValue dealloc]):
* API/tests/testapi.mm: Added a simple test to make sure that we protect the
underlying JavaScript value across garbage collections.
2013-05-27 Patrick Gansterer <paroga@webkit.org>
Use ICU_INCLUDE_DIRS in BlackBerry CMake files
https://bugs.webkit.org/show_bug.cgi?id=116210
Reviewed by Rob Buis.
Set and use the ICU_INCLUDE_DIRS variable to avoid
duplicated adding of the ICU include directory.
* PlatformBlackBerry.cmake:
2013-05-27 Gabor Rapcsanyi <rgabor@webkit.org>
MacroAssemblerARM should use xor to swap registers instead of move
https://bugs.webkit.org/show_bug.cgi?id=116306
Reviewed by Zoltan Herczeg.
Change register swapping to xor from move and this way we don't need
temporary register anymore.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::swap):
2013-05-25 Filip Pizlo <fpizlo@apple.com>
We broke (-2^31/-1)|0 in the DFG
https://bugs.webkit.org/show_bug.cgi?id=116767
Reviewed by Andreas Kling.
The bug is that we were assuming that in the -2^31 case, we already had -2^31
in the result register. This was a wrong assumption.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
2013-05-24 Filip Pizlo <fpizlo@apple.com>
We broke !(0/0)
https://bugs.webkit.org/show_bug.cgi?id=116736
Reviewed by Gavin Barraclough.
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createLogicalNot):
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::pureToBoolean):
2013-05-24 Julien Brianceau <jbrianceau@nds.com>
[sh4] Optimize LLINT generated code and fix few bugs in baseline JIT.
https://bugs.webkit.org/show_bug.cgi?id=116716
Reviewed by Geoffrey Garen.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::mul32): Cosmetic changes.
(JSC::MacroAssemblerSH4::convertInt32ToDouble): Absolute address was not dereferenced.
(JSC::MacroAssemblerSH4::branch32): Absolute address was not dereferenced.
(JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch): Use all 32 bits of pointer for revertJump call.
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::revertJump): Use changePCrelativeAddress to patch the whole pointer.
(JSC::SH4Assembler::linkJump): Cosmetic change.
* offlineasm/sh4.rb: Optimize LLINT generated code.
2013-05-23 Peter Wang <peter.wang@torchmobile.com.cn>
CLoop llint backend should not use the d8 register as scratch register
https://bugs.webkit.org/show_bug.cgi?id=116019
Reviewed by Csaba Osztrogonác.
* offlineasm/cloop.rb:
2013-05-22 Peter Wang <peter.wang@torchmobile.com.cn>
Use uninitialized register in "JIT::emit_op_neq_null" and "emit_op_eq_null"
https://bugs.webkit.org/show_bug.cgi?id=116593
Reviewed by Filip Pizlo.
Generated instructions using uninitialized register. It's caused by a mistake of r126494.
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_eq_null):
(JSC::JIT::emit_op_neq_null):
2013-05-22 Filip Pizlo <fpizlo@apple.com>
Fix indentation of CodeBlock.h
Rubber stamped by Mark Hahnenberg.
* bytecode/CodeBlock.h:
2013-05-22 Julien Brianceau <jbrianceau@nds.com>
[sh4] Remove MacroAssemblerSH4.cpp file.
https://bugs.webkit.org/show_bug.cgi?id=116596.
Reviewed by Geoffrey Garen.
Move linkCall and repatchCall implementations from MacroAssemblerSH4.cpp
to MacroAssemblerSH4.h and remove MacroAssemblerSH4.cpp, as it is done
for other architectures.
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* assembler/MacroAssemblerSH4.cpp: Removed.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::linkCall):
(MacroAssemblerSH4):
(JSC::MacroAssemblerSH4::repatchCall):
2013-05-21 Brent Fulgham <bfulgham@apple.com>
[Windows] Unreviewed speculative fix for test-bots.
Add export declaration for WTFInvokeCrashHook to avoid runtime
load error on test bots.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
2013-05-21 Mark Lam <mark.lam@apple.com>
Added missing assert condition for PositiveOrZero in ARM branch32().
https://bugs.webkit.org/show_bug.cgi?id=116538.
Reviewed by Geoffrey Garen.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::branchAdd32):
2013-05-20 Mark Hahnenberg <mhahnenberg@apple.com>
Disable SuperRegion
https://bugs.webkit.org/show_bug.cgi?id=116362
Rubber stamped by Geoff Garen.
* heap/Region.h:
2013-05-20 Oliver Hunt <oliver@apple.com>
Make C API more robust against null contexts
https://bugs.webkit.org/show_bug.cgi?id=116462
Reviewed by Anders Carlsson.
Handle null contexts in a non-crashy way. It's a bug to ever call the
API with a null context, and the absence of a context means we can't
produce a meaningful result, so we still assert in debug builds.
Now where possible we detect and early return, returning null for any
pointer type, NaN for doubles, and false for any boolean result.
* API/JSBase.cpp:
(JSEvaluateScript):
(JSCheckScriptSyntax):
(JSReportExtraMemoryCost):
* API/JSContextRef.cpp:
(JSContextGetGlobalObject):
(JSContextGetGroup):
(JSContextGetGlobalContext):
(JSContextCreateBacktrace):
* API/JSObjectRef.cpp:
(JSObjectMake):
(JSObjectMakeFunctionWithCallback):
(JSObjectMakeConstructor):
(JSObjectMakeFunction):
(JSObjectMakeArray):
(JSObjectMakeDate):
(JSObjectMakeError):
(JSObjectMakeRegExp):
(JSObjectGetPrototype):
(JSObjectSetPrototype):
(JSObjectHasProperty):
(JSObjectGetProperty):
(JSObjectSetProperty):
(JSObjectGetPropertyAtIndex):
(JSObjectSetPropertyAtIndex):
(JSObjectDeleteProperty):
(JSObjectCopyPropertyNames):
* API/JSValueRef.cpp:
(JSValueGetType):
(JSValueIsUndefined):
(JSValueIsNull):
(JSValueIsBoolean):
(JSValueIsNumber):
(JSValueIsString):
(JSValueIsObject):
(JSValueIsObjectOfClass):
(JSValueIsEqual):
(JSValueIsStrictEqual):
(JSValueIsInstanceOfConstructor):
(JSValueMakeUndefined):
(JSValueMakeNull):
(JSValueMakeBoolean):
(JSValueMakeNumber):
(JSValueMakeString):
(JSValueMakeFromJSONString):
(JSValueCreateJSONString):
(JSValueToBoolean):
(JSValueToNumber):
(JSValueToStringCopy):
(JSValueToObject):
(JSValueProtect):
* API/JSWeakObjectMapRefPrivate.cpp:
2013-05-20 David Kilzer <ddkilzer@apple.com>
Synchronize FeatureDefines.xcconfig
* Configurations/FeatureDefines.xcconfig: Remove
ENABLE_LINK_PRERENDER. This was missed in r150356.
2013-05-19 Anders Carlsson <andersca@apple.com>
Remove link prerendering code
https://bugs.webkit.org/show_bug.cgi?id=116415
Reviewed by Darin Adler.
This code was only used by Chromium and is dead now.
* Configurations/FeatureDefines.xcconfig:
2013-05-18 Patrick Gansterer <paroga@webkit.org>
[CMake] Replace *_LIBRARY_NAME with *_OUTPUT_NAME
https://bugs.webkit.org/show_bug.cgi?id=114554
Reviewed by Gyuyoung Kim.
Using variables as target names is very uncommon in CMake.
The usual way to specify the name of the resulting binary
is to set the OUTPUT_NAME target property.
* CMakeLists.txt:
* shell/CMakeLists.txt:
2013-05-17 Patrick Gansterer <paroga@webkit.org>
[CMake] Remove invalid include paths
https://bugs.webkit.org/show_bug.cgi?id=116213
Reviewed by Gyuyoung Kim.
Since "${JAVASCRIPTCORE_DIR}/wtf" does not exist, it is safe
to remove them from the list of include directories.
* PlatformEfl.cmake: Removed.
* PlatformGTK.cmake: Removed.
2013-05-16 Patrick Gansterer <paroga@webkit.org>
Consolidate lists in JavaScriptCore CMake files
https://bugs.webkit.org/show_bug.cgi?id=115992
Reviewed by Gyuyoung Kim.
Move common files into the CMakeLists.txt to avoid duplicating the list of files.
Also rebase the recently added GTK files to match the other CMake ports, since
the submitted patch was based on an older version of the source tree.
* CMakeLists.txt:
* PlatformEfl.cmake:
* PlatformGTK.cmake:
* shell/CMakeLists.txt:
* shell/PlatformEfl.cmake:
* shell/PlatformGTK.cmake:
2013-05-16 Geoffrey Garen <ggaren@apple.com>
JSValue shouldn't protect/unprotect its context
https://bugs.webkit.org/show_bug.cgi?id=116234
Reviewed by Mark Hahnenberg.
Our retain on _context is sufficient.
* API/JSValue.mm:
(-[JSValue initWithValue:inContext:]):
(-[JSValue dealloc]):
2013-05-15 Ryosuke Niwa <rniwa@webkit.org>
Another Windows build fix attempt after r150160.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
2013-05-15 Oliver Hunt <oliver@apple.com>
RefCountedArray needs to use vector initialisers for its backing store
https://bugs.webkit.org/show_bug.cgi?id=116194
Reviewed by Gavin Barraclough.
Use an out of line function to clear the exception stack to avoid
needing to include otherwise unnecessary headers all over the place.
Everything else is just being updated to use that.
* bytecompiler/BytecodeGenerator.cpp:
* interpreter/CallFrame.h:
(JSC::ExecState::clearSupplementaryExceptionInfo):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::addStackTraceIfNecessary):
(JSC::Interpreter::throwException):
* runtime/JSGlobalObject.cpp:
(JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
* runtime/VM.cpp:
(JSC):
(JSC::VM::clearExceptionStack):
* runtime/VM.h:
(VM):
(JSC::VM::exceptionStack):
2013-05-15 Commit Queue <commit-queue@webkit.org>
Unreviewed, rolling out r150051.
http://trac.webkit.org/changeset/150051
https://bugs.webkit.org/show_bug.cgi?id=116186
Broke all JSC tests on Mac and the author is unresponsive
(Requested by rniwa on #webkit).
* JavaScriptCore.xcodeproj/project.pbxproj:
2013-05-15 Julien Brianceau <jbrianceau@nds.com>
Remove savedTimeoutReg from JITStackFrame for sh4 base JIT.
https://bugs.webkit.org/show_bug.cgi?id=116143
Reviewed by Geoffrey Garen.
Since r148119, timeoutCheckRegister is removed from baseline JIT.
So we don't need to save r8 register in JITStackFrame anymore for sh4.
* jit/JITStubs.cpp:
* jit/JITStubs.h:
(JITStackFrame):
2013-05-15 Nico Weber <thakis@chromium.org>
WebKit doesn't support MSVS2003 any more, remove preprocessor checks for older versions.
https://bugs.webkit.org/show_bug.cgi?id=116157
Reviewed by Anders Carlsson.
Also remove a gcc3.2 workaround.
Merges parts of these two commits by the talented Nico Weber:
https://chromium.googlesource.com/chromium/blink/+/3677e2f47348daeff405a40b6f90fbdf0654c2f5
https://chromium.googlesource.com/chromium/blink/+/0fcd96c448dc30be1416dcc15713c53710c1a312
* os-win32/inttypes.h:
2013-05-13 Alvaro Lopez Ortega <alvaro@alobbs.com>
Nightly build's jsc doesn't work without DYLD_FRAMEWORK...
https://bugs.webkit.org/show_bug.cgi?id=79065
Reviewed by Darin Adler.
Fixes the build process so the dependencies of the jsc binary are
modified before it's copied to its target directory. In this way
jsc should always use relative reference to the JavaScriptCore
libraries.
* JavaScriptCore.xcodeproj/project.pbxproj: Fixes the commands in
the "Copy Into Framework" target.
2013-05-13 Mark Hahnenberg <mhahnenberg@apple.com>
Objective-C API: scanExternalObjectGraph should not create new JSVirtualMachine wrappers
https://bugs.webkit.org/show_bug.cgi?id=116074
If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the
scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the
JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM.
If this happens on a GC thread other than the "main" thread, we will deadlock. The solution
is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early.
Reviewed by Darin Adler.
* API/JSVirtualMachine.mm:
(scanExternalObjectGraph):
2013-05-13 Benjamin Poulain <benjamin@webkit.org>
Improve stringProtoFuncLastIndexOf for the prefix case
https://bugs.webkit.org/show_bug.cgi?id=115952
Reviewed by Geoffrey Garen.
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncLastIndexOf):
Use the optimized string search when possible.
On Joseph Pecoraro's tests, this gives a ~30% speed improvement.
2013-05-13 Zalan Bujtas <zalan@apple.com>
WebProcess consuming very high CPU on linkedin.com
https://bugs.webkit.org/show_bug.cgi?id=115601
Reviewed by Andreas Kling.
Disable WEB_TIMING_MINIMAL.
Turn off window.performance and performance.now(). Some JS frameworks expect
additional Web Timing APIs, when performance.now() is available.
* Configurations/FeatureDefines.xcconfig:
2013-05-12 Anders Carlsson <andersca@apple.com>
Stop including UnusedParam.h
https://bugs.webkit.org/show_bug.cgi?id=116003
Reviewed by Sam Weinig.
UnusedParam.h is empty now so there's no need to include it anymore.
* API/APICast.h:
* API/tests/JSNode.c:
* API/tests/JSNodeList.c:
* API/tests/minidom.c:
* API/tests/testapi.c:
* assembler/AbstractMacroAssembler.h:
* assembler/MacroAssemblerCodeRef.h:
* bytecode/CodeBlock.cpp:
* heap/HandleStack.h:
* interpreter/JSStackInlines.h:
* jit/CompactJITCodeMap.h:
* jit/ExecutableAllocator.h:
* parser/SourceProvider.h:
* runtime/DatePrototype.cpp:
* runtime/JSNotAnObject.cpp:
* runtime/JSSegmentedVariableObject.h:
* runtime/JSVariableObject.h:
* runtime/Options.cpp:
* runtime/PropertyOffset.h:
2013-05-11 Martin Robinson <mrobinson@igalia.com>
[GTK] Add a basic cmake build for WTF and JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=115967
Reviewed by Laszlo Gombos.
* PlatformGTK.cmake: Added.
* shell/PlatformGTK.cmake: Added.
2013-05-10 Laszlo Gombos <l.gombos@samsung.com>
Remove USE(OS_RANDOMNESS)
https://bugs.webkit.org/show_bug.cgi?id=108095
Reviewed by Darin Adler.
Remove the USE(OS_RANDOMNESS) guard as it is turned on for all
ports.
* jit/JIT.cpp:
(JSC::JIT::JIT):
2013-05-10 Mark Hahnenberg <mhahnenberg@apple.com>
Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase
https://bugs.webkit.org/show_bug.cgi?id=115938
We're going to add some more types of check hoisting soon, so let's have the right name here.
Rubber stamped by Filip Pizlo.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
* dfg/DFGStructureCheckHoistingPhase.cpp: Removed.
* dfg/DFGStructureCheckHoistingPhase.h: Removed.
* dfg/DFGTypeCheckHoistingPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp.
(JSC::DFG::TypeCheckHoistingPhase::TypeCheckHoistingPhase):
(JSC::DFG::performTypeCheckHoisting):
* dfg/DFGTypeCheckHoistingPhase.h: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.h.
2013-05-09 Christophe Dumez <ch.dumez@sisa.samsung.com>
Unreviewed build fix after r149836.
It broke at least EFL and GTK builds. Move new static members initialization
outside the class. Those need to have a definition outside the class because
their address is used (e.g. CodeCacheMap::nonGlobalWorkingSetMaxEntries).
* runtime/CodeCache.cpp:
(JSC):
* runtime/CodeCache.h:
(CodeCacheMap):
2013-05-08 Oliver Hunt <oliver@apple.com>
Code cache stores bogus var references for functions in eval code
https://bugs.webkit.org/show_bug.cgi?id=115747
Reviewed by Mark Hahnenberg.
Non-global eval now uses a per-CodeBlock cache, and only use it
when we're at the top of a function's scope. This means that we
will no longer cache the parsing of a single string across
multiple functions, and we won't cache when we're nested inside
constructs like |with| and |catch| where previously we would, which
is good because caching in those cases is unsound.
* bytecode/EvalCodeCache.h:
(JSC):
(JSC::EvalCodeCache::getSlow):
(JSC::EvalCodeCache::get):
* bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::codeCacheForEval):
(UnlinkedCodeBlock):
(RareData):
* debugger/Debugger.cpp:
(JSC::evaluateInGlobalCallFrame):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluate):
* interpreter/Interpreter.cpp:
(JSC::eval):
* runtime/CodeCache.cpp:
(JSC::CodeCache::CodeCache):
(JSC::CodeCache::generateBytecode):
(JSC):
(JSC::CodeCache::getCodeBlock):
* runtime/CodeCache.h:
(JSC::CodeCacheMap::CodeCacheMap):
(CodeCacheMap):
(JSC::CodeCacheMap::canPruneQuickly):
(JSC::CodeCacheMap::prune):
(JSC::CodeCache::create):
(CodeCache):
* runtime/Executable.cpp:
(JSC::EvalExecutable::EvalExecutable):
(JSC::EvalExecutable::compileInternal):
* runtime/Executable.h:
(JSC::EvalExecutable::create):
(EvalExecutable):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::createEvalCodeBlock):
* runtime/JSGlobalObject.h:
(JSGlobalObject):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(VM):
2013-05-08 Mark Hahnenberg <mhahnenberg@apple.com>
DFGArrayMode::fromObserved is too liberal when it sees different Array and NonArray shapes
https://bugs.webkit.org/show_bug.cgi?id=115805
Reviewed by Geoffrey Garen.
It checks the observed ArrayModes to see if we have seen any ArrayWith* first. If so, it assumes it's
an Array::Array, even if we've also observed any NonArrayWith* in the ArrayProfile. This leads to the
code generated by jumpSlowForUnwantedArrayMode to check the indexing type against (shape | IsArray)
instead of just shape, which can cause us to exit a lot in the case that we saw a NonArray.
To fix this we need to add a case that checks for both ArrayWith* and NonArrayWith* cases first, which
should then use Array::PossiblyArray, then do the checks we were already doing.
* bytecode/ArrayProfile.h:
(JSC::hasSeenArray):
(JSC::hasSeenNonArray):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::fromObserved):
2013-05-09 Joe Mason <jmason@blackberry.com>
[BlackBerry] Set up logging buffer on start of jsc executable
https://bugs.webkit.org/show_bug.cgi?id=114688
Reviewed by Rob Buis.
Internal PR: 322715
Internally Reviewed By: Jeff Rogers
* jsc.cpp:
(main): call BB::Platform::setupApplicationLogging
2013-05-08 Michael Saboff <msaboff@apple.com>
JSC: There should be a disassembler for ARM Thumb 2
https://bugs.webkit.org/show_bug.cgi?id=115827
Reviewed by Filip Pizlo.
Added a new disassembler for ARMv7 Thumb2 instructions for use by the JSC debugging
and profiling code. The opcode coverage is currently not complete. It covers all
of the integer instructions JSC currently emits, but only a limited number of
floating point opcodes. Currently that is just the 64 bit vmov and vmsr instructions.
The disassembler is structured as a base opcode class ARMv7DOpcode with sub-classes
for each instruction group. There is a public format method that does the bulk of
the disassembly work. There are two broad sub-classes, ARMv7D16BitOpcode and
ARMv7D32BitOpcode, for the 16 bit and 32 bit opcodes. There are sub-classes under
those two classes for individual and related groups of opcodes. Instructions are
"dispatched" to the right subclass via two arrays of linked lists in the inner classes
OpcodeGroup. There is one such inner class for each ARMv7D16BitOpcode and ARMv7D32BitOpcode.
Each OpcodeGroup has a mask and a pattern that it applies to the instruction to determine
that it matches a particular group. OpcodeGroup uses a static method to reinterpret_cast
the Opcode object to the right base class for the instruction group for formatting.
The cast eliminates the need of allocating an object for each decoded instruction.
Unknown instructions are formatted as ".word 1234" or ".long 12345678" depending on whether
the instruction is 16 or 32 bit.
* JavaScriptCore.xcodeproj/project.pbxproj:
* disassembler/ARMv7: Added.
* disassembler/ARMv7/ARMv7DOpcode.cpp: Added.
(ARMv7Disassembler):
(OpcodeGroupInitializer):
(JSC::ARMv7Disassembler::ARMv7DOpcode::init):
(JSC::ARMv7Disassembler::ARMv7DOpcode::startITBlock):
(JSC::ARMv7Disassembler::ARMv7DOpcode::saveITConditionAt):
(JSC::ARMv7Disassembler::ARMv7DOpcode::fetchOpcode):
(JSC::ARMv7Disassembler::ARMv7DOpcode::disassemble):
(JSC::ARMv7Disassembler::ARMv7DOpcode::bufferPrintf):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionName):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterName):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterList):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendFPRegisterName):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::init):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::doDisassemble):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::defaultFormat):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::format):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::init):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::doDisassemble):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::defaultFormat):
(JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::appendModifiedImmediate):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::appendImmShift):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::appendFPRegister):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::format):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::format):
* disassembler/ARMv7/ARMv7DOpcode.h: Added.
(ARMv7Disassembler):
(ARMv7DOpcode):
(JSC::ARMv7Disassembler::ARMv7DOpcode::ARMv7DOpcode):
(JSC::ARMv7Disassembler::ARMv7DOpcode::is32BitInstruction):
(JSC::ARMv7Disassembler::ARMv7DOpcode::isFPInstruction):
(JSC::ARMv7Disassembler::ARMv7DOpcode::conditionName):
(JSC::ARMv7Disassembler::ARMv7DOpcode::shiftName):
(JSC::ARMv7Disassembler::ARMv7DOpcode::inITBlock):
(JSC::ARMv7Disassembler::ARMv7DOpcode::startingITBlock):
(JSC::ARMv7Disassembler::ARMv7DOpcode::endITBlock):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionNameNoITBlock):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendSeparator):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendCharacter):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendString):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftType):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendSignedImmediate):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendUnsignedImmediate):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendPCRelativeOffset):
(JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftAmount):
(ARMv7D16BitOpcode):
(OpcodeGroup):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::OpcodeGroup):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::setNext):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::next):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::matches):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::format):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rm):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rd):
(JSC::ARMv7Disassembler::ARMv7D16BitOpcode::opcodeGroupNumber):
(ARMv7DOpcodeAddRegisterT2):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rdn):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rm):
(ARMv7DOpcodeAddSPPlusImmediate):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::rd):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::immediate8):
(ARMv7DOpcodeAddSubtract):
(ARMv7DOpcodeAddSubtractT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rm):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rn):
(ARMv7DOpcodeAddSubtractImmediate3):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::rn):
(ARMv7DOpcodeAddSubtractImmediate8):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::rdn):
(JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::immediate8):
(ARMv7DOpcodeBranchConditionalT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::condition):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::offset):
(ARMv7DOpcodeBranchExchangeT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::rm):
(ARMv7DOpcodeBranchT2):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::immediate11):
(ARMv7DOpcodeCompareImmediateT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::rn):
(JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::immediate8):
(ARMv7DOpcodeCompareRegisterT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::rn):
(ARMv7DOpcodeCompareRegisterT2):
(JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rn):
(JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rm):
(ARMv7DOpcodeDataProcessingRegisterT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rm):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rdn):
(ARMv7DOpcodeGeneratePCRelativeAddress):
(JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::rd):
(JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::immediate8):
(ARMv7DOpcodeLoadFromLiteralPool):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::rt):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::immediate8):
(ARMv7DOpcodeLoadStoreRegisterImmediate):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::immediate5):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rn):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rt):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale):
(ARMv7DOpcodeLoadStoreRegisterImmediateWordAndByte):
(ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord):
(ARMv7DOpcodeLoadStoreRegisterOffsetT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opB):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rm):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rn):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rt):
(ARMv7DOpcodeLoadStoreRegisterSPRelative):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::rt):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::immediate8):
(ARMv7DOpcodeLogicalImmediateT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::immediate5):
(ARMv7DOpcodeMiscAddSubSP):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::immediate7):
(ARMv7DOpcodeMiscByteHalfwordOps):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::op):
(ARMv7DOpcodeMiscBreakpointT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::immediate8):
(ARMv7DOpcodeMiscCompareAndBranch):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::immediate6):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::rn):
(ARMv7DOpcodeMiscHint16):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opA):
(ARMv7DOpcodeMiscIfThenT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::firstCondition):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::mask):
(ARMv7DOpcodeMiscPushPop):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::registerMask):
(ARMv7DOpcodeMoveImmediateT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::rd):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::immediate8):
(ARMv7DOpcodeMoveRegisterT1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rd):
(JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rm):
(ARMv7D32BitOpcode):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::OpcodeGroup):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::setNext):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::next):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::matches):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::format):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rd):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rm):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rn):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rt):
(JSC::ARMv7Disassembler::ARMv7D32BitOpcode::opcodeGroupNumber):
(ARMv7DOpcodeBranchRelative):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::sBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j2):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::immediate11):
(ARMv7DOpcodeConditionalBranchT3):
(JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::offset):
(JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::condition):
(JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::immediate6):
(ARMv7DOpcodeBranchOrBranchLink):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::offset):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::immediate10):
(JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::isBL):
(ARMv7DOpcodeDataProcessingLogicalAndRithmetic):
(ARMv7DOpcodeDataProcessingModifiedImmediate):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::sBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::immediate12):
(ARMv7DOpcodeDataProcessingShiftedReg):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::sBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::immediate5):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::type):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tbBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tBit):
(ARMv7DOpcodeDataProcessingReg):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op2):
(ARMv7DOpcodeDataProcessingRegShift):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::opName):
(ARMv7DOpcodeDataProcessingRegExtend):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendAndAddName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::rotate):
(ARMv7DOpcodeDataProcessingRegParallel):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::opName):
(ARMv7DOpcodeDataProcessingRegMisc):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::opName):
(ARMv7DOpcodeHint32):
(JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::isDebugHint):
(JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::debugOption):
(JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::op):
(ARMv7DOpcodeFPTransfer):
(JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opH):
(JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opL):
(JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::rt):
(JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opC):
(JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opB):
(JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vd):
(JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vn):
(ARMv7DOpcodeDataLoad):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::op):
(ARMv7DOpcodeLoadRegister):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::immediate2):
(ARMv7DOpcodeLoadSignedImmediate):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::pBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::uBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::wBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::immediate8):
(ARMv7DOpcodeLoadUnsignedImmediate):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::immediate12):
(ARMv7DOpcodeLongMultipleDivide):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlalOpName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlaldOpName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlsldOpName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdLo):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdHi):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op1):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op2):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::nBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::mBit):
(ARMv7DOpcodeDataPushPopSingle):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::op):
(ARMv7DOpcodeDataStoreSingle):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::op):
(ARMv7DOpcodeStoreSingleImmediate12):
(JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::immediate12):
(ARMv7DOpcodeStoreSingleImmediate8):
(JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::pBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::uBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::wBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::immediate8):
(ARMv7DOpcodeStoreSingleRegister):
(JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::immediate2):
(ARMv7DOpcodeUnmodifiedImmediate):
(JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::opName):
(JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::shBit):
(JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::bitNumOrSatImmediate):
(JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate5):
(JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate12):
(JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate16):
(ARMv7DOpcodeVMOVDoublePrecision):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm):
(ARMv7DOpcodeVMOVSinglePrecision):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm):
(ARMv7DOpcodeVMSR):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL):
(JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt):
* disassembler/ARMv7Disassembler.cpp: Added.
(JSC::tryToDisassemble):
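The mask/pattern dispatch described in the ARM Thumb 2 disassembler entry above, as an added sketch that is not code from the WebKit tree. The four 16-bit groups, the bucket index (top four bits of the halfword), the plain function pointers used in place of the entry's reinterpret_cast trick, the hex layout of the fallback, and the handling of a truncated trailing halfword are all assumptions of this example; every 32-bit instruction is shown as unknown.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// A group claims an instruction when (insn & mask) == pattern.
struct OpcodeGroup {
    uint16_t mask;
    uint16_t pattern;
    std::string (*format)(uint16_t insn);
};

static std::string reg(unsigned n)
{
    static const char* const special[] = { "sp", "lr", "pc" };
    return n >= 13 ? std::string(special[n - 13]) : "r" + std::to_string(n);
}

// Formatters for a few 16-bit Thumb encodings (mnemonics as outside an IT block).
static std::string formatMovImm(uint16_t i) { return "movs " + reg((i >> 8) & 7) + ", #" + std::to_string(i & 0xff); }
static std::string formatCmpImm(uint16_t i) { return "cmp " + reg((i >> 8) & 7) + ", #" + std::to_string(i & 0xff); }
static std::string formatBx(uint16_t i) { return std::string((i & 0x80) ? "blx " : "bx ") + reg((i >> 3) & 0xf); }
static std::string formatBkpt(uint16_t i) { return "bkpt #" + std::to_string(i & 0xff); }

// Every mask covers the top four bits, so bucketing by (pattern >> 12) is safe.
static const OpcodeGroup kGroups[] = {
    { 0xF800, 0x2000, formatMovImm }, // MOV (immediate), encoding T1
    { 0xF800, 0x2800, formatCmpImm }, // CMP (immediate), encoding T1
    { 0xFF00, 0x4700, formatBx },     // BX / BLX (register), encoding T1
    { 0xFF00, 0xBE00, formatBkpt },   // BKPT, encoding T1
};

// Sixteen buckets of candidate groups, built once on first use.
static const std::vector<const OpcodeGroup*>* buckets()
{
    static std::vector<const OpcodeGroup*> table[16];
    static bool built = false;
    if (!built) {
        for (const OpcodeGroup& g : kGroups)
            table[g.pattern >> 12].push_back(&g);
        built = true;
    }
    return table;
}

// A first halfword whose bits [15:11] are 0b11101, 0b11110 or 0b11111 starts a 32-bit instruction.
static bool is32Bit(uint16_t hw)
{
    return (hw & 0xE000) == 0xE000 && (hw & 0x1800) != 0;
}

static std::string hex(const char* directive, unsigned value, int digits)
{
    char buf[24];
    std::snprintf(buf, sizeof buf, "%s %0*x", directive, digits, value);
    return buf;
}

std::vector<std::string> disassemble(const std::vector<uint16_t>& code)
{
    std::vector<std::string> out;
    for (size_t i = 0; i < code.size(); ++i) {
        uint16_t hw = code[i];
        if (is32Bit(hw)) {
            if (i + 1 >= code.size()) {          // second halfword missing: never read past the buffer
                out.push_back(hex(".word", hw, 4));
                break;
            }
            out.push_back(hex(".long", (unsigned(hw) << 16) | code[i + 1], 8));
            ++i;
            continue;
        }
        std::string text = hex(".word", hw, 4);  // fallback for unknown 16-bit instructions
        for (const OpcodeGroup* g : buckets()[hw >> 12]) {
            if ((hw & g->mask) == g->pattern) {
                text = g->format(hw);
                break;
            }
        }
        out.push_back(text);
    }
    return out;
}

std::string disassembleToText(const std::vector<uint16_t>& code)
{
    std::string joined;
    for (const std::string& line : disassemble(code))
        joined += (joined.empty() ? "" : "; ") + line;
    return joined;
}

int main()
{
    // Constructed sample: three known 16-bit opcodes, one 32-bit pair, one unknown halfword.
    std::puts(disassembleToText({ 0x2005, 0x2A10, 0x4770, 0xF000, 0xF800, 0x0000 }).c_str());
    return 0;
}
```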
2013-05-07 Julien Brianceau <jbrianceau@nds.com>
Take advantage of pre-decrement and post-increment opcodes for sh4 base JIT.
https://bugs.webkit.org/show_bug.cgi?id=115722
Reviewed by Oliver Hunt.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::load8PostInc):
(MacroAssemblerSH4):
(JSC::MacroAssemblerSH4::load16Unaligned):
(JSC::MacroAssemblerSH4::load16PostInc):
(JSC::MacroAssemblerSH4::storeDouble):
(JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::movwMemRegIn):
(SH4Assembler):
(JSC::SH4Assembler::movbMemRegIn):
(JSC::SH4Assembler::printInstr):
2013-05-07 Anders Carlsson <andersca@apple.com>
Remove AlwaysInline.h from WTF
https://bugs.webkit.org/show_bug.cgi?id=115727
Reviewed by Brent Fulgham.
The macro that used to be in AlwaysInline.h is now in Compiler.h so there's no reason
to keep AlwaysInline.h around anymore.
* jit/JSInterfaceJIT.h:
* parser/Lexer.h:
* runtime/JSCJSValue.h:
* runtime/SymbolTable.h:
2013-05-07 Mikhail Pozdnyakov <mikhail.pozdnyakov@intel.com>
HashTraits<RefPtr<P> >::PeekType should be raw pointer for better performance
https://bugs.webkit.org/show_bug.cgi?id=115646
Reviewed by Darin Adler.
* bytecompiler/StaticPropertyAnalyzer.h:
(JSC::StaticPropertyAnalyzer::putById):
Updated accordingly to new HashMap<.., RefPtr>::get() semantics.
2013-05-06 Julien Brianceau <jbrianceau@nds.com>
Misc bugfix and cleaning in sh4 base JIT.
https://bugs.webkit.org/show_bug.cgi?id=115627
Reviewed by Oliver Hunt.
Get rid of loadX(RegisterID r0, RegisterID src, RegisterID dest) functions.
Remove misplaced extuw() implementation from MacroAssemblerSH4.
Add movbRegMemr0 and movwRegMemr0 functions in SH4Assembler.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::add32): Skip operation when first operand is a zero immediate.
(JSC::MacroAssemblerSH4::sub32): Skip operation when first operand is a zero immediate.
(JSC::MacroAssemblerSH4::load32): Fix wrong usage of r0 register.
(JSC::MacroAssemblerSH4::load8Signed): Handle "base == r0" case.
(MacroAssemblerSH4):
(JSC::MacroAssemblerSH4::load16): Handle "base == r0" case.
(JSC::MacroAssemblerSH4::load16Unaligned): Use extuw() implementation from SH4Assembler.
(JSC::MacroAssemblerSH4::load16Signed): Cosmetic change.
(JSC::MacroAssemblerSH4::store8): Fix unhandled BaseIndex offset and handle (base == r0) case.
(JSC::MacroAssemblerSH4::store16): Fix unhandled BaseIndex offset and handle (base == r0) case.
(JSC::MacroAssemblerSH4::store32):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::movwRegMemr0):
(SH4Assembler):
(JSC::SH4Assembler::movbRegMemr0):
(JSC::SH4Assembler::placeConstantPoolBarrier): Cosmetic change.
(JSC::SH4Assembler::maxJumpReplacementSize):
(JSC::SH4Assembler::replaceWithJump): Correct branch range and save an opcode.
(JSC::SH4Assembler::printInstr):
2013-05-06 Anders Carlsson <andersca@apple.com>
Stop using WTF::deleteAllValues in JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=115670
Reviewed by Oliver Hunt.
Change the Vectors used to Vectors of OwnPtrs instead.
* heap/DFGCodeBlocks.cpp:
(JSC::DFGCodeBlocks::~DFGCodeBlocks):
(JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
2013-05-06 Andras Becsi <andras.becsi@digia.com>
Build with GCC 4.8 fails because of -Wmaybe-uninitialized
https://bugs.webkit.org/show_bug.cgi?id=115648
Reviewed by Michael Saboff.
Initialize values in Options::setOption since from
there we end up calling OptionRange::init with
uninitialized members.
* runtime/Options.cpp:
2013-05-06 Gabor Rapcsanyi <rgabor@webkit.org>
JSC ARM traditional failing on Octane NavierStokes test
https://bugs.webkit.org/show_bug.cgi?id=115626
Reviewed by Zoltan Herczeg.
Change the ARM traditional assembler to use double precision on value
conversions.
* assembler/ARMAssembler.h:
2013-05-03 Michael Saboff <msaboff@apple.com>
There should be a runtime option to constrain what functions get DFG compiled
https://bugs.webkit.org/show_bug.cgi?id=115576
Reviewed by Mark Hahnenberg.
Added OptionRange to Options to allow checking that something is within an option
or not. The new OptionClass supports range strings in the form of [!]<low>[:<high>].
If only one value is given, then it will be used for both low and high. A leading
'!' inverts the check. If no range is given, then checking for a value within a range
will always return true. Added the option "bytecodeRangeToDFGCompile" that takes an
OptionRange string to select the bytecode range of code blocks to DFG compile.
* dfg/DFGDriver.cpp:
(JSC::DFG::compile): Added new check for bytecode count within bytecodeRangeToDFGCompile
range.
* runtime/Options.cpp:
(JSC::parse): Added overloaded parse() for OptionRange.
(JSC::OptionRange::init): Parse range string and then initialize the range.
(JSC::OptionRange::isInRange): Function used by consumer to check if a value is within
the specified range.
(JSC::Options::dumpOption): Added code to dump OptionRange options.
* runtime/Options.h:
(OptionRange): New class.
(JSC::OptionRange::operator= ): This is really used as a default ctor for use within
the Option static array initialization.
(JSC::OptionRange::rangeString): This is used for debug. It assumes that the char*
passed into OptionRange::init is valid when this function is called.
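The range syntax described in the entry above, [!]<low>[:<high>], as an added stand-alone parser that is not JavaScriptCore's OptionRange code. The names RangeFilter and checkRange are hypothetical, and rejecting malformed input (signs, trailing characters, overflow, high below low) is an assumption of this example that the entry does not state.

```cpp
#include <cerrno>
#include <climits>
#include <cstdio>
#include <cstdlib>

// Illustrative filter for the "[!]<low>[:<high>]" syntax; not JSC's OptionRange.
class RangeFilter {
public:
    bool init(const char* spec);          // false on malformed input, state left unchanged
    bool isInRange(unsigned value) const;

private:
    enum State { Unset, Normal, Inverted };
    State m_state = Unset;
    unsigned m_low = 0;
    unsigned m_high = 0;
};

// Parses one decimal number at p and advances p past it.
static bool parseUnsigned(const char*& p, unsigned& out)
{
    if (*p < '0' || *p > '9')             // rejects "", "-1", "+1" and leading spaces,
        return false;                     // which strtoul alone would accept
    errno = 0;
    char* end = nullptr;
    unsigned long v = std::strtoul(p, &end, 10);
    if (errno == ERANGE || v > UINT_MAX)
        return false;
    out = static_cast<unsigned>(v);
    p = end;
    return true;
}

bool RangeFilter::init(const char* spec)
{
    if (!spec || !*spec) {                // no range given: every value passes
        m_state = Unset;
        return true;
    }
    const char* p = spec;
    bool inverted = false;
    if (*p == '!') {                      // leading '!' inverts the check
        inverted = true;
        ++p;
    }
    unsigned low = 0;
    if (!parseUnsigned(p, low))
        return false;
    unsigned high = low;                  // a single value is both low and high
    if (*p == ':') {
        ++p;
        if (!parseUnsigned(p, high))
            return false;
    }
    if (*p != '\0' || high < low)         // trailing characters or an empty interval
        return false;
    m_low = low;
    m_high = high;
    m_state = inverted ? Inverted : Normal;
    return true;
}

bool RangeFilter::isInRange(unsigned value) const
{
    if (m_state == Unset)
        return true;
    bool inside = value >= m_low && value <= m_high;
    return m_state == Inverted ? !inside : inside;
}

// Returns -1 for a malformed spec, otherwise 1 if value passes the filter and 0 if not.
int checkRange(const char* spec, unsigned value)
{
    RangeFilter filter;
    if (!filter.init(spec))
        return -1;
    return filter.isInRange(value) ? 1 : 0;
}

int main()
{
    // Constructed sample specs checked against a code block of 150 bytecodes.
    const char* specs[] = { "100:200", "!100:200", "150", "", "200:100", "10:20x" };
    for (const char* spec : specs)
        std::printf("%-10s -> %d\n", spec, checkRange(spec, 150));
    return 0;
}
```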
2013-05-02 Oliver Hunt <oliver@apple.com>
Fix potential bug in lookup logic
https://bugs.webkit.org/show_bug.cgi?id=115522
Reviewed by Mark Hahnenberg.
Though not a problem in practise, it is technically possible
to inject an un-proxied global object into the scope chain
via the C API. This change makes sure that the scope walk
in BytecodeGenerator actually limits itself to scopes that
are statically bindable.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::resolve):
* runtime/JSObject.h:
(JSObject):
(JSC):
(JSC::JSObject::isStaticScopeObject):
2013-05-01 Roger Fong <roger_fong@apple.com>
Set Path in makefile for AppleWin.
* JavaScriptCore.vcxproj/JavaScriptCore.make:
2013-05-01 Benjamin Poulain <benjamin@webkit.org>
Remove the remaining wscript
https://bugs.webkit.org/show_bug.cgi?id=115459
Reviewed by Andreas Kling.
* wscript: Removed.
2013-04-30 Mark Lam <mark.lam@apple.com>
JSContextGroupSetExecutionTimeLimit() should not pass a callback to the
VM watchdog if its client did not pass one in.
https://bugs.webkit.org/show_bug.cgi?id=115461.
Reviewed by Geoffrey Garen.
* API/JSContextRef.cpp:
(internalScriptTimeoutCallback):
(JSContextGroupSetExecutionTimeLimit):
* API/tests/testapi.c:
(main):
- Added test case when the time limit callback is 0.
- Also updated a check to verify that a TerminatedExecutionException is
thrown when the time out is cancelled.
- Also fixed some cosmetic typos.
2013-04-30 Geoffrey Garen <ggaren@apple.com>
Removed op_ensure_property_exists
https://bugs.webkit.org/show_bug.cgi?id=115460
Reviewed by Mark Hahnenberg.
It was unused, and whatever it was once used for was not optimized.
* JavaScriptCore.order:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecode/Opcode.h:
(JSC::padOpcodeName):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* jit/JIT.h:
* jit/JITOpcodes.cpp:
* jit/JITOpcodes32_64.cpp:
* jit/JITStubs.cpp:
* jit/JITStubs.h:
* llint/LLIntSlowPaths.cpp:
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter.asm:
2013-04-30 Oliver Hunt <oliver@apple.com>
JSC Stack walking logic crashes in the face of inlined functions triggering VM re-entry
https://bugs.webkit.org/show_bug.cgi?id=115449
Reviewed by Geoffrey Garen.
Rename callframeishost to something that makes sense, and fix
getCallerInfo to correctly handle inline functions calling into
the VM.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::codeOriginForReturn):
Make this more robust in the face of incorrect stack walking
* interpreter/CallFrame.cpp:
(JSC::CallFrame::trueCallerFrame):
Everyone has to perform a codeblock() check before calling this
so we might as well just do it here.
* interpreter/Interpreter.cpp:
(JSC::getCallerInfo):
2013-04-30 Julien Brianceau <jbrianceau@nds.com>
Bug fixing in sh4 base JIT and LLINT.
https://bugs.webkit.org/show_bug.cgi?id=115420
Reviewed by Oliver Hunt.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::lshift32):
(JSC::MacroAssemblerSH4::rshift32):
(JSC::MacroAssemblerSH4::branchMul32):
(JSC::MacroAssemblerSH4::urshift32):
(JSC::MacroAssemblerSH4::replaceWithJump):
(JSC::MacroAssemblerSH4::maxJumpReplacementSize):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::shldRegReg):
(JSC::SH4Assembler::shadRegReg):
(JSC::SH4Assembler::shalImm8r):
(SH4Assembler):
(JSC::SH4Assembler::sharImm8r):
(JSC::SH4Assembler::maxJumpReplacementSize):
(JSC::SH4Assembler::replaceWithJump):
* offlineasm/sh4.rb:
2013-04-30 Geoffrey Garen <ggaren@apple.com>
Objective-C JavaScriptCore API should publicly support bridging to C
https://bugs.webkit.org/show_bug.cgi?id=115447
Reviewed by Mark Hahnenberg.
For consistency, I renamed
+[JSValue valueWithValue:] => +[JSValue valueWithJSValueRef]
+[JSContext contextWithGlobalContextRef] => +[JSContext contextWithJSGlobalContextRef]
-[JSContext globalContext] => -[JSContext JSGlobalContextRef]
I searched svn to verify that these functions don't have clients yet,
so we won't break anything.
I also exported as public API
+[JSValue valueWithJSValueRef:]
+[JSContext contextWithJSGlobalContextRef:]
It's hard to integrate with the C API without these.
2013-04-30 Commit Queue <rniwa@webkit.org>
Unreviewed, rolling out r149349 and r149354.
http://trac.webkit.org/changeset/149349
http://trac.webkit.org/changeset/149354
https://bugs.webkit.org/show_bug.cgi?id=115444
The Thumb version of compileSoftModulo makes invalid use of
registers (Requested by benjaminp on #webkit).
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/ARMv7Assembler.h:
(ARMv7Assembler):
* assembler/AbstractMacroAssembler.h:
(JSC::isARMv7s):
(JSC):
* assembler/MacroAssemblerARMv7.cpp: Removed.
* assembler/MacroAssemblerARMv7.h:
(MacroAssemblerARMv7):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileSoftModulo):
(DFG):
(JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
(SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
2013-04-30 Zalan Bujtas <zalan@apple.com>
Animations fail to start on http://www.google.com/insidesearch/howsearchworks/thestory/
https://bugs.webkit.org/show_bug.cgi?id=111244
Reviewed by David Kilzer.
Enable performance.now() as a minimal subset of Web Timing API.
It returns DOMHighResTimeStamp, a monotonically increasing value representing the
number of milliseconds from the start of the navigation of the current document.
JS libraries use this API to check against the requestAnimationFrame() timestamp.
* Configurations/FeatureDefines.xcconfig:
2013-04-30 Zoltan Arvai <zarvai@inf.u-szeged.hu>
Unreviewed. Speculative build fix on Qt Arm and Mips after r149349.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileSoftModulo):
2013-04-29 Cosmin Truta <ctruta@blackberry.com>
[ARM] Expand the use of integer division
https://bugs.webkit.org/show_bug.cgi?id=115138
Reviewed by Benjamin Poulain.
If availability of hardware integer division isn't known at compile
time, check the CPU flags and decide at runtime whether to fall back
to software. Currently, this OS-specific check is implemented on QNX.
Moreover, use operator % instead of fmod() in the calculation of the
software modulo. Even when it's software-emulated, operator % is faster
than fmod(): on ARM v7 QNX, without hardware division, we noticed
>3% speedup on SunSpider.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::sdiv): Did not compile conditionally.
(JSC::ARMv7Assembler::udiv): Ditto.
* assembler/AbstractMacroAssembler.h:
(JSC::isARMv7s): Removed.
* assembler/MacroAssemblerARMv7.cpp: Added.
(JSC::isIntegerDivSupported): Added.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsIntegerDiv): Added.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode): Checked MacroAssembler::supportsIntegerDiv() in ArithDiv case.
* dfg/DFGOperations.cpp:
(JSC::DFG::operationModOnInts): Added.
* dfg/DFGOperations.h:
(JSC::DFG::Z_DFGOperation_ZZ): Added.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileSoftModulo): Separated the X86-specific and ARM-specific codegen
from the common implementation; used operationModOnInts on ARM.
(JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARM): Renamed from compileIntegerArithDivForARMv7.
(JSC::DFG::SpeculativeJIT::compileArithMod): Allowed run-time detection of integer div on ARM.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation): Added overloads with Z_DFGOperation_ZZ arguments.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile): Used compileIntegerArithDivForARM.
2013-04-29 Benjamin Poulain <benjamin@webkit.org>
Unify the data access of StringImpl members from JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=115320
Reviewed by Andreas Kling.
DFG accesses the member infos by directly calling the methods on StringImpl,
while the baseline JIT was using helper methods on ThunkHelpers.
Cut the middle man, and use StringImpl directly everywhere.
* jit/JITInlines.h:
(JSC::JIT::emitLoadCharacterString):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::stringGetByValStubGenerator):
* jit/JSInterfaceJIT.h:
* jit/ThunkGenerators.cpp:
(JSC::stringCharLoad):
2013-04-29 Benjamin Poulain <bpoulain@apple.com>
Use push and pop for iOS math function thunks
https://bugs.webkit.org/show_bug.cgi?id=115215
Reviewed by Filip Pizlo.
The iOS ABI is a little different than regular ARM ABI regarding stack alignment.
The requirement is 4 bytes:
"The ARM environment uses a stack that—at the point of function calls—is 4-byte aligned,
grows downward, and contains local variables and a function’s parameters."
Subsequently, we can just use push and pop to preserve the link register.
* jit/ThunkGenerators.cpp:
2013-04-29 Brent Fulgham <bfulgham@webkit.org>
[Windows, WinCairo] Get rid of last few pthread include/link references.
https://bugs.webkit.org/show_bug.cgi?id=115375
Reviewed by Tim Horton.
* JavaScriptCore.vcproj/jsc/jscPostBuild.cmd:
* JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
* JavaScriptCore.vcxproj/jsc/jscCommon.props:
* JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
* JavaScriptCore.vcxproj/testapi/testapiCommon.props:
2013-04-29 Roger Fong <roger_fong@apple.com>
Unreviewed. AppleWin VS2010 build fix.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
2013-04-26 Mark Hahnenberg <mhahnenberg@apple.com>
~BlockAllocator should ASSERT that it has no more Regions left
https://bugs.webkit.org/show_bug.cgi?id=115287
Reviewed by Andreas Kling.
* heap/BlockAllocator.cpp:
(JSC::BlockAllocator::~BlockAllocator):
(JSC::BlockAllocator::allRegionSetsAreEmpty):
* heap/BlockAllocator.h:
(RegionSet):
(JSC::BlockAllocator::RegionSet::isEmpty):
(BlockAllocator):
2013-04-29 Mark Hahnenberg <mhahnenberg@apple.com>
IndexingTypes should use hex
https://bugs.webkit.org/show_bug.cgi?id=115286
Decimal is kind of confusing/hard to read because they're used as bit masks. Hex seems more appropriate.
Reviewed by Geoffrey Garen.
* runtime/IndexingType.h:
2013-04-29 Carlos Garcia Campos <cgarcia@igalia.com>
Unreviewed. Fix make distcheck.
* GNUmakefile.list.am: Add missing header files to compilation
and offlineasm/sh4.rb script.
2013-04-28 Dean Jackson <dino@apple.com>
[Mac] Disable canvas backing store scaling (HIGH_DPI_CANVAS)
https://bugs.webkit.org/show_bug.cgi?id=115310
Reviewed by Simon Fraser.
Remove ENABLE_HIGH_DPI_CANVAS_macosx.
* Configurations/FeatureDefines.xcconfig:
2013-04-27 Darin Adler <darin@apple.com>
Move from constructor and member function adoptCF/NS to free function adoptCF/NS.
https://bugs.webkit.org/show_bug.cgi?id=115307
Reviewed by Geoffrey Garen.
* heap/HeapTimer.cpp:
(JSC::HeapTimer::HeapTimer):
* runtime/VM.cpp:
(JSC::enableAssembler):
Use adoptCF free function.
2013-04-27 Anders Carlsson <andersca@apple.com>
Try to fix the Windows build.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
2013-04-25 Geoffrey Garen <ggaren@apple.com>
Cleaned up pre/post inc/dec in bytecode
https://bugs.webkit.org/show_bug.cgi?id=115222
Reviewed by Filip Pizlo.
A few related changes here:
(*) Removed post_inc and post_dec. The two-result form was awkward to
reason about. Being explicit about the intermediate mov and to_number
reduces DFG overhead, removes some fragile ASSERTs from the DFG, and
fixes a const bug. Plus, we get to blow away 262 lines of code.
(*) Renamed pre_inc and pre_dec to inc and dec, since there's only one
version now.
(*) Renamed to_jsnumber to to_number, to match the ECMA name.
(*) Tightened up the codegen and runtime support for to_number.
* JavaScriptCore.order: Order!
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
* bytecode/Opcode.h:
(JSC::padOpcodeName):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitInc):
(JSC::BytecodeGenerator::emitDec):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitToNumber):
(BytecodeGenerator): Removed post_inc and post_dec.
* bytecompiler/NodesCodegen.cpp:
(JSC::emitPreIncOrDec): Updated for rename.
(JSC::emitPostIncOrDec): Issue an explicit mov and to_number when needed.
These are rare, and they boil away in the DFG.
(JSC::PostfixNode::emitResolve):
(JSC::PrefixNode::emitResolve): For const, use an explicit mov instead
of any special forms. This fixes a bug where we would do string
add/subtract instead of number.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* jit/JIT.h:
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_inc):
(JSC::JIT::emitSlow_op_inc):
(JSC::JIT::emit_op_dec):
(JSC::JIT::emitSlow_op_dec):
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_inc):
(JSC::JIT::emitSlow_op_inc):
(JSC::JIT::emit_op_dec):
(JSC::JIT::emitSlow_op_dec): Removed post_inc/dec, and updated for renames.
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_to_number):
(JSC::JIT::emitSlow_op_to_number): Removed a test for number cells. There's
no such thing!
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_to_number): Use LowestTag to avoid making assumptions
about the lowest valued tag.
(JSC::JIT::emitSlow_op_to_number): Updated for renames.
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LLIntSlowPaths.h:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* parser/NodeConstructors.h:
(JSC::UnaryPlusNode::UnaryPlusNode): Removed post_inc/dec, and updated for renames.
* runtime/Operations.cpp:
(JSC::jsIsObjectType): Removed a test for number cells. There's
no such thing!
2013-04-27 Julien Brianceau <jbrianceau@nds.com>
REGRESSION(r149114): cache flush for SH4 arch may flush an extra page.
https://bugs.webkit.org/show_bug.cgi?id=115305
Reviewed by Andreas Kling.
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::cacheFlush):
2013-04-26 Geoffrey Garen <ggaren@apple.com>
Re-landing <http://trac.webkit.org/changeset/148999>
Filled out more cases of branch folding in bytecode when emitting
expressions into a branching context
https://bugs.webkit.org/show_bug.cgi?id=115057
Reviewed by Phil Pizlo.
We can't fold the number == 1 case to boolean because all non-zero numbers
down-cast to true, but only 1 is == to true.
2013-04-26 Filip Pizlo <fpizlo@apple.com>
Correct indentation of SymbolTable.h
Rubber stamped by Mark Hahnenberg.
* runtime/SymbolTable.h:
2013-04-26 Roger Fong <roger_fong@apple.com>
Make Apple Windows VS2010 build results into and get dependencies from __32 suffixed folders.
Make the DebugSuffix configuration use _debug dependencies.
* JavaScriptCore.vcxproj/JavaScriptCore.make:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.vcxproj/JavaScriptCoreCF.props:
* JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
* JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
* JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
* JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
* JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCoreGeneratedCommon.props:
* JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
* JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
* JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
* JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
* JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
* JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
* JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
* JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
* JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
* JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh:
* JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
* JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
* JavaScriptCore.vcxproj/build-generated-files.sh:
* JavaScriptCore.vcxproj/copy-files.cmd:
* JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
* JavaScriptCore.vcxproj/jsc/jscCommon.props:
* JavaScriptCore.vcxproj/jsc/jscDebug.props:
* JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
* JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
* JavaScriptCore.vcxproj/jsc/jscProduction.props:
* JavaScriptCore.vcxproj/jsc/jscRelease.props:
* JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
* JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
* JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
* JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
* JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
* JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
* JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
* JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
* JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
* JavaScriptCore.vcxproj/testapi/testapiCommon.props:
* JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
* JavaScriptCore.vcxproj/testapi/testapiDebug.props:
* JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
* JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
* JavaScriptCore.vcxproj/testapi/testapiProduction.props:
* JavaScriptCore.vcxproj/testapi/testapiRelease.props:
* JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:
2013-04-26 Roger Fong <roger_fong@apple.com>
Disable sub-pixel layout on mac.
https://bugs.webkit.org/show_bug.cgi?id=114999.
Reviewed by Simon Fraser.
* Configurations/FeatureDefines.xcconfig:
2013-04-26 Oliver Hunt <oliver@apple.com>
Make stack tracing more robust
https://bugs.webkit.org/show_bug.cgi?id=115272
Reviewed by Geoffrey Garen.
CallFrame already handles stack walking confusion robustly,
so we should make sure that the actual walk handles that as well.
* interpreter/Interpreter.cpp:
(JSC::getCallerInfo):
2013-04-26 Mark Hahnenberg <mhahnenberg@apple.com>
REGRESSION(r149165): It made many tests crash on 32 bit
https://bugs.webkit.org/show_bug.cgi?id=115227
Reviewed by Csaba Osztrogonác.
m_reservation is uninitialized when ENABLE(SUPER_REGION) is false.
* heap/SuperRegion.cpp:
(JSC::SuperRegion::~SuperRegion):
2013-04-26 Julien Brianceau <jbrianceau@nds.com>
Fix SH4 build broken since r149159.
https://bugs.webkit.org/show_bug.cgi?id=115229
Add BranchTruncateType enum in SH4 port and handle it in branchTruncateDoubleToInt32.
Reviewed by Allan Sandfeld Jensen.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):
2013-04-25 Mark Hahnenberg <mhahnenberg@apple.com>
SuperRegion doesn't call deallocate() on its PageReservation
https://bugs.webkit.org/show_bug.cgi?id=115208
Reviewed by Geoffrey Garen.
It should. This doesn't cause us to leak physical memory, but it does cause us to leak virtual
address space (and probably mach ports), which is also bad :-( FixedVMPoolExecutableAllocator
also has this bug, but it doesn't matter much because there's only one instance of that class
throughout the entire lifetime of the process, whereas each VM has its own SuperRegion.
* heap/SuperRegion.cpp:
(JSC::SuperRegion::~SuperRegion):
* heap/SuperRegion.h:
(SuperRegion):
* jit/ExecutableAllocatorFixedVMPool.cpp:
(FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::~FixedVMPoolExecutableAllocator):
2013-04-25 Filip Pizlo <fpizlo@apple.com>
DFG doesn't support to_jsnumber
https://bugs.webkit.org/show_bug.cgi?id=115129
Reviewed by Geoffrey Garen.
Based on Oliver's patch. Implements to_jsnumber as Identity(Number:@thingy), and then does
an optimization in Fixup to turn Identity(Number:) into Identity(Int32:) if the predictions
tell us to. Identity is later turned into Phantom.
Also fixed BackPropMask, which appeared to have NodeDoesNotExit included in it. That's
wrong; NodeDoesNotExit is not a backward propagation property.
Also fixed Identity to be marked as CanExit (i.e. not NodeDoesNotExit).
This more than doubles the FPS on ammo.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(FixupPhase):
(JSC::DFG::FixupPhase::observeUseKindOnNode):
(JSC::DFG::FixupPhase::observeUseKindOnEdge):
* dfg/DFGNodeFlags.h:
(DFG):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
2013-04-24 Oliver Hunt <oliver@apple.com>
Add support for Math.imul
https://bugs.webkit.org/show_bug.cgi?id=115143
Reviewed by Filip Pizlo.
Add support for Math.imul, a thunk generator for Math.imul,
and an intrinsic.
Fairly self-explanatory set of changes, DFG intrinsics simply
leverages the existing ValueToInt32 nodes.
* create_hash_table:
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
* dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::performNodeCSE):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileArithIMul):
* dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/ThunkGenerators.cpp:
(JSC::imulThunkGenerator):
(JSC):
* jit/ThunkGenerators.h:
(JSC):
* runtime/Intrinsic.h:
* runtime/MathObject.cpp:
(JSC):
(JSC::mathProtoFuncIMul):
* runtime/VM.cpp:
(JSC::thunkGeneratorForIntrinsic):
2013-04-25 Filip Pizlo <fpizlo@apple.com>
Unreviewed, roll out http://trac.webkit.org/changeset/148999
It broke http://kripken.github.io/ammo.js/examples/new/ammo.html
* JavaScriptCore.order:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitNewArray):
(JSC::BytecodeGenerator::emitThrowReferenceError):
(JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::shouldEmitProfileHooks):
(BytecodeGenerator):
* bytecompiler/NodesCodegen.cpp:
(JSC):
(JSC::NullNode::emitBytecode):
(JSC::BooleanNode::emitBytecode):
(JSC::NumberNode::emitBytecode):
(JSC::StringNode::emitBytecode):
(JSC::IfNode::emitBytecode):
(JSC::IfElseNode::emitBytecode):
* parser/ASTBuilder.h:
(JSC::ASTBuilder::createIfStatement):
(ASTBuilder):
* parser/NodeConstructors.h:
(JSC):
(JSC::NullNode::NullNode):
(JSC::BooleanNode::BooleanNode):
(JSC::NumberNode::NumberNode):
(JSC::StringNode::StringNode):
(JSC::IfNode::IfNode):
(JSC::IfElseNode::IfElseNode):
* parser/Nodes.h:
(JSC::ExpressionNode::isPure):
(JSC::ExpressionNode::isSubtract):
(StatementNode):
(NullNode):
(JSC::NullNode::isNull):
(BooleanNode):
(JSC::BooleanNode::isPure):
(NumberNode):
(JSC::NumberNode::value):
(JSC::NumberNode::isPure):
(StringNode):
(JSC::StringNode::isPure):
(JSC::StringNode::isString):
(BinaryOpNode):
(IfNode):
(JSC):
(IfElseNode):
(ContinueNode):
(BreakNode):
* parser/Parser.cpp:
(JSC::::parseIfStatement):
* parser/ResultType.h:
(ResultType):
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::pureToBoolean):
* runtime/JSCell.h:
(JSCell):
* runtime/JSCellInlines.h:
(JSC):
2013-04-25 Filip Pizlo <fpizlo@apple.com>
PreciseJumpTargets should treat loop_hint as a jump target
https://bugs.webkit.org/show_bug.cgi?id=115209
Reviewed by Mark Hahnenberg.
I didn't add a test but I turned this into a release assertion. Running Octane is enough
to trigger it.
* bytecode/PreciseJumpTargets.cpp:
(JSC::computePreciseJumpTargets):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
2013-04-25 Roman Zhuykov <zhroma@ispras.ru>
Fix problems with processing negative zero on DFG.
https://bugs.webkit.org/show_bug.cgi?id=113862
Reviewed by Filip Pizlo.
Fix NodeNeedsNegZero flag propagation in BackwardPropagationPhase.
Function arithNodeFlags should not mask NodeNeedsNegZero flag for ArithNegate and DoubleAsInt32
nodes and this flag should be always used to decide where we need to generate negative-zero checks.
Remove unnecessary negative-zero checks from integer ArithDiv on ARM.
Also remove such checks from integer ArithMod on ARM and X86, and make them always
check not only "modulo_result == 0" but also "dividend < 0".
Generate faster code for case when ArithMod operation divisor is constant power of 2 on ARMv7
in the same way as on ARMv7s, and add negative-zero checks into this code when needed.
Change speculationCheck ExitKind from Overflow to NegativeZero where applicable.
This shows 30% speedup of math-spectral-norm, and 5% speedup
on SunSpider overall on ARMv7 Linux.
* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::branchConvertDoubleToInt32):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
* dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::isNotNegZero):
(JSC::DFG::BackwardsPropagationPhase::isNotPosZero):
(JSC::DFG::BackwardsPropagationPhase::propagate):
* dfg/DFGNode.h:
(JSC::DFG::Node::arithNodeFlags):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
(JSC::DFG::SpeculativeJIT::compileSoftModulo):
(JSC::DFG::SpeculativeJIT::compileArithNegate):
2013-04-25 Oliver Hunt <oliver@apple.com>
Stack guards are too conservative
https://bugs.webkit.org/show_bug.cgi?id=115147
Reviewed by Mark Hahnenberg.
Increase stack guard to closer to old size.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::StackPolicy::StackPolicy):
2013-04-25 Oliver Hunt <oliver@apple.com>
Stack guards are too conservative
https://bugs.webkit.org/show_bug.cgi?id=115147
Reviewed by Geoffrey Garen.
Reduce the limits and simplify the decision making.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::StackPolicy::StackPolicy):
2013-04-25 Nick Diego Yamane <nick.yamane@openbossa.org>
JSC: Fix interpreter misbehavior in builds with JIT disabled
https://bugs.webkit.org/show_bug.cgi?id=115190
Reviewed by Oliver Hunt.
Commit http://trac.webkit.org/changeset/147858 modified
some details on how JS stack traces are built. The method
"getLineNumberForCallFrame", renamed in that changeset to
"getBytecodeOffsetForCallFrame" is always returning `0' when
JIT is disabled.
How to reproduce:
- Build webkit with JIT disabled
- Open MiniBrowser, for example, with http://google.com
- In a debug build, WebProcess will hit the following ASSERT:
Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:279 ASSERT(low);
* interpreter/Interpreter.cpp:
(JSC::getBytecodeOffsetForCallFrame):
2013-04-25 Oliver Hunt <oliver@apple.com>
Make checkSyntax take a VM instead of an ExecState
RS=Tim
* jsc.cpp:
(runInteractive):
* runtime/Completion.cpp:
(JSC::checkSyntax):
* runtime/Completion.h:
(JSC):
2013-04-25 Michael Saboff <msaboff@apple.com>
32 Bit: Crash due to RegExpTest nodes not setting result type to Boolean
https://bugs.webkit.org/show_bug.cgi?id=115188
Reviewed by Geoffrey Garen.
Changed the RegExpTest node to set the AbstractValue to boolean, since that's
what it is.
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
2013-04-25 Julien Brianceau <jbrianceau@nds.com>
REGRESSION(r137994): Random crashes occur with SH4 JSC.
https://bugs.webkit.org/show_bug.cgi?id=115167.
Reviewed by Oliver Hunt.
Since r137994, uncommitted pages could be inside the area of memory in
parameter of the cacheFlush function. That's why we have to flush each
page separately to avoid a fail of the whole flush, if an uncommitted page
is in the area.
This patch is very similar to changeset 145194 made for ARMv7 architecture,
see https://bugs.webkit.org/show_bug.cgi?id=111441 for further information.
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::cacheFlush):
2013-04-24 Mark Lam <mark.lam@apple.com>
Add watchdog timer polling for the DFG.
https://bugs.webkit.org/show_bug.cgi?id=115134.
Reviewed by Geoffrey Garen.
The strategy is to add a speculation check to the DFG generated code to
test if the watchdog timer has fired or not. If the watchdog timer has
fired, the generated code will do an OSR exit to the baseline JIT, and
let it handle servicing the watchdog timer.
If the watchdog is not enabled, this speculation check will not be
emitted.
* API/tests/testapi.c:
(currentCPUTime_callAsFunction):
(extendTerminateCallback):
(main):
- removed try/catch statements so that we can test the watchdog on the DFG.
- added JS bindings to a native currentCPUTime() function so that the timeout
tests can be more accurate.
- also shortened the time values so that the tests can complete sooner.
* bytecode/ExitKind.h:
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/Watchdog.cpp:
(JSC::Watchdog::setTimeLimit):
2013-04-24 Filip Pizlo <fpizlo@apple.com>
Special thunks for math functions should work on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=115144
Reviewed by Gavin Barraclough and Oliver Hunt.
The only hard bit here was ensuring that we implemented the very special
"cheap C call" convention on ARMv7.
* assembler/AbstractMacroAssembler.h:
(JSC::isARMv7s):
(JSC):
(JSC::isX86):
* dfg/DFGCommon.h:
* jit/SpecializedThunkJIT.h:
(SpecializedThunkJIT):
(JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
* jit/ThunkGenerators.cpp:
(JSC::floorThunkGenerator):
(JSC::ceilThunkGenerator):
(JSC::roundThunkGenerator):
(JSC::expThunkGenerator):
(JSC::logThunkGenerator):
2013-04-24 Julien Brianceau <jbrianceau@nds.com>
Misc bugfix and cleaning in sh4 base JIT.
https://bugs.webkit.org/show_bug.cgi?id=115022.
Reviewed by Oliver Hunt.
Remove unused add32() and sub32() with scratchreg parameter to avoid
confusion as this function prototype means another behaviour.
Remove unused "void push(Address)" function which seems quite buggy.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::and32): Cosmetic change.
(JSC::MacroAssemblerSH4::lshift32): Cosmetic change.
(JSC::MacroAssemblerSH4::or32): Cosmetic change.
(JSC::MacroAssemblerSH4::xor32): Cosmetic change.
(MacroAssemblerSH4):
(JSC::MacroAssemblerSH4::load32): Cosmetic change.
(JSC::MacroAssemblerSH4::load8Signed): Fix invalid offset upper limit
when using r0 register and cosmetic changes.
(JSC::MacroAssemblerSH4::load8): Reuse load8Signed to avoid duplication.
(JSC::MacroAssemblerSH4::load16): Fix invalid offset upper limit when
using r0 register, fix missing offset shift and cosmetic changes.
(JSC::MacroAssemblerSH4::store32): Cosmetic change.
(JSC::MacroAssemblerSH4::branchAdd32): Store result value before branch.
2013-04-24 Patrick Gansterer <paroga@webkit.org>
[WIN] Remove pthread from Visual Studio files in JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=114864
Reviewed by Brent Fulgham.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
* JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops:
* JavaScriptCore.vcproj/jsc/jscCommon.vsprops:
* JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops:
* JavaScriptCore.vcproj/testapi/testapiCommon.vsprops:
* JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
* JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
* JavaScriptCore.vcxproj/jsc/jscCommon.props:
* JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
* JavaScriptCore.vcxproj/testapi/testapiCommon.props:
* JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
2013-04-24 Filip Pizlo <fpizlo@apple.com>
DFG should keep the operand to create_this alive if it's emitting code for create_this
https://bugs.webkit.org/show_bug.cgi?id=115133
Reviewed by Mark Hahnenberg.
The DFG must model bytecode liveness, or else OSR exit is going to have a really bad time.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
2013-04-24 Roger Fong <roger_fong@apple.com>
Have VS2010 WebKit solution look in WebKit_Libraries/lib32 for dependencies.
* JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
* JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
* JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
* JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
* JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
* JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
* JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
* JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
2013-04-24 Geoffrey Garen <ggaren@apple.com>
32-bit build fix.
Unreviewed.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch): Explicitly
truncate to 32-bit to avoid compiler warnings. It's safe to truncate
because the payload of a boolean is the low bits on both 64-bit and 32-bit.
2013-04-23 Geoffrey Garen <ggaren@apple.com>
Filled out more cases of branch folding in the DFG
https://bugs.webkit.org/show_bug.cgi?id=115088
Reviewed by Oliver Hunt.
No change on the benchmarks we track, but a 3X speedup on a
microbenchmark that uses these techniques.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock): (!/=)= and (!/=)== can constant
fold all types, not just numbers, because true constants have no
side effects when type-converted at runtime.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateBoolean): Added support for fixing up
boolean uses, like we do for other types like number.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileStrictEq):
(JSC::DFG::SpeculativeJIT::compileBooleanCompare): Peephole fuse
boolean compare and/or compare-branch, now that we have the types for
them.
* dfg/DFGSpeculativeJIT.h: Updated declarations.
== Rolled over to ChangeLog-2013-04-24 ==