2013-08-03  David Kilzer  <ddkilzer@apple.com>

        <rdar://problem/14642129> iOS: Crash in JIT code @ pivotaltracker.com due to incorrect ToPrimitive reported type speculations

        Merge ToT WebKit r153674.

    2013-08-02  Oliver Hunt  <oliver@apple.com>

            Incorrect type speculation reported by ToPrimitive
            https://bugs.webkit.org/show_bug.cgi?id=119458

            Reviewed by Mark Hahnenberg.

            Make sure that we report the correct type possibilities for the output

            * dfg/DFGAbstractInterpreterInlines.h:
            (JSC::DFG::::executeEffects):
2013-08-03  David Kilzer  <ddkilzer@apple.com>

        <rdar://problem/14642073> iOS: Incorrect ToString/liveness in MakeRope construction

        Merge ToT WebKit r153615.

    2013-08-01  Oliver Hunt  <oliver@apple.com>

            DFG is not enforcing correct ordering of ToString conversion in MakeRope
            https://bugs.webkit.org/show_bug.cgi?id=119408

            Reviewed by Filip Pizlo.

            Construct ToString and Phantom nodes in advance of MakeRope
            nodes to ensure that ordering is ensured, and correct values
            will be reified on OSR exit.

            * dfg/DFGByteCodeParser.cpp:
            (JSC::DFG::ByteCodeParser::parseBlock):
2013-08-03  David Kilzer  <ddkilzer@apple.com>

        <rdar://problem/14641805> iOS: REGRESSION: Crash when opening Facebook.com (119155)

        Merge ToT WebKit r153410.

    2013-07-28  Oliver Hunt  <oliver@apple.com>

            REGRESSION: Crash when opening Facebook.com
            https://bugs.webkit.org/show_bug.cgi?id=119155

            Reviewed by Andreas Kling.

            Scope nodes are always objects, so we should be using SpecObjectOther
            rather than SpecCellOther. Marking Scopes as CellOther leads to a
            contradiction in the CFA, resulting in bogus codegen.

            * dfg/DFGAbstractInterpreterInlines.h:
            (JSC::DFG::::executeEffects):
            * dfg/DFGPredictionPropagationPhase.cpp:
            (JSC::DFG::PredictionPropagationPhase::propagate):
2013-08-03  David Kilzer  <ddkilzer@apple.com>

        <rdar://problem/14641772> iOS: Removed unused sourceOffset from JSTokenLocation. (118996)

        Merge ToT WebKit r153071.

    2013-07-23  Mark Lam  <mark.lam@apple.com>

            Removed unused sourceOffset from JSTokenLocation.
            https://bugs.webkit.org/show_bug.cgi?id=118996.

            Reviewed by Geoffrey Garen.

            This also removes the assertion reported in the bug because it is now
            moot, thereby resolving the assertion failure issue on Windows.

            * bytecompiler/NodesCodegen.cpp:
            (JSC::ArrayNode::toArgumentList):
            (JSC::ApplyFunctionCallDotNode::emitBytecode):
            (JSC::::lexExpectIdentifier):
            (JSC::::parseFunctionInfo):
            (JSC::::parseExpressionOrLabelStatement):
            (JSC::::parseMemberExpression):
            * parser/ParserTokens.h:
            (JSC::JSTokenLocation::JSTokenLocation):
2013-07-31  David Kilzer  <ddkilzer@apple.com>

        <rdar://problem/14605489> iOS: Crash beneath jsTypeStringForValue @ zazzle.com (read past the end of the Arguments array)

        Merge ToT WebKit r153500.

    2013-07-30  Mark Hahnenberg  <mhahnenberg@apple.com>

            GetByVal on Arguments does the wrong size load when checking the Arguments object length
            https://bugs.webkit.org/show_bug.cgi?id=119281

            Reviewed by Geoffrey Garen.

            This leads to out of bounds accesses and subsequent crashes.

            * dfg/DFGSpeculativeJIT.cpp:
            (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
            * dfg/DFGSpeculativeJIT64.cpp:
            (JSC::DFG::SpeculativeJIT::compile):
2013-07-31  Andy Estes  <aestes@apple.com>

        <rdar://problem/14601962> iOS: CodeBlock DFG entry list isn't getting shrunk-to-fit after linking. (118875)

        Merged ToT WebKit r152882.

    2013-07-18  Andreas Kling  <akling@apple.com>

            CodeBlock DFG entry list isn't getting shrunk-to-fit after linking.
            <http://webkit.org/b/118875>
            <rdar://problem/14488577>

            Reviewed by Geoffrey Garen.

            Move the CodeBlock::shrinkToFit() call out of JITCompiler::link() and to the call sites
            so SpeculativeJIT::linkOSREntries() can fill in CodeBlock::m_dfgData->osrEntry first.

            886 kB progression on <http://twitter.com/awesomekling>

            * dfg/DFGJITCompiler.cpp:
            (JSC::DFG::JITCompiler::link):
            (JSC::DFG::JITCompiler::compile):
            (JSC::DFG::JITCompiler::compileFunction):
2013-07-31  Andy Estes  <aestes@apple.com>

        <rdar://problem/14601537> iOS: CodeBlock::m_argumentValueProfiles wastes a lot of memory. (118852)

        Merged ToT WebKit r152848.

    2013-07-18  Andreas Kling  <akling@apple.com>

            CodeBlock::m_argumentValueProfiles wastes a lot of memory.
            <http://webkit.org/b/118852>
            <rdar://problem/14481659>

            Reviewed by Anders Carlsson.

            Use Vector::resizeToFit() for CodeBlock::m_argumentValueProfiles. We don't need any padding
            for growth, since we won't be appending to it anyway.

            921 KB progression on <http://twitter.com/awesomekling>

            * bytecode/CodeBlock.cpp:
            (JSC::CodeBlock::setNumParameters):
2013-07-30  Andy Estes  <aestes@apple.com>

        <rdar://problem/14600834> iOS: [JavaScriptCore] reference to non-existent header in JSValue.h

        Merged ToT WebKit r152737.

    2013-07-16  Mark Hahnenberg  <mhahnenberg@apple.com>

            Remove reference to JSValueStructSupport.h from JSExport.h
            https://bugs.webkit.org/show_bug.cgi?id=118746

            Reviewed by Filip Pizlo.

            * API/JSExport.h: No such header exists, so it doesn't make sense to reference it.
2013-07-30  Daniel Bates  <dabates@apple.com>

        <rdar://problem/14592535> iOS: Given an empty string, JSStringCreateWithCFString() should not return a JSStringRef whose characters member is NULL

        Merge ToT WebKit r152807.

    2013-07-30  Geoffrey Garen  <ggaren@apple.com>

            JSStringCreateWithCFString should not convert the empty string into the NULL string
            https://bugs.webkit.org/show_bug.cgi?id=118816

            Reviewed by Sam Weinig.

            * API/JSStringRef.cpp:
            (JSStringCreateWithUTF8CString): Removed an extraneous comment, which
            a previous version of the patch made incorrect.
            * API/JSStringRefCF.cpp:
            (JSStringCreateWithCFString): Don't convert the empty string into the
2013-07-24  David Kilzer  <ddkilzer@apple.com>

        <rdar://problem/14534782> iOS: DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs (119032)

        Merge ToT WebKit r153075.

    2013-07-23  Filip Pizlo  <fpizlo@apple.com>

            DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs
            https://bugs.webkit.org/show_bug.cgi?id=119032

            Reviewed by Oliver Hunt.

            It just needs some Phantom action.

            * dfg/DFGFixupPhase.cpp:
            (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
2013-07-21  David Kilzer  <ddkilzer@apple.com>

        <rdar://problem/14495049> iOS: LLInt get_argument_by_val for JSVALUE64 stores into the array profile when it meant to store into the value profile (118865)

        Merge ToT WebKit r152868.

    2013-07-18  Filip Pizlo  <fpizlo@apple.com>

            LLInt get_argument_by_val for JSVALUE64 stores into the array profile when it meant to store into the value profile
            https://bugs.webkit.org/show_bug.cgi?id=118865

            Reviewed by Mark Hahnenberg.

            * llint/LowLevelInterpreter64.asm:
2013-07-21  David Kilzer  <ddkilzer@apple.com>

        <rdar://problem/14495065> iOS: DFG assumes that NewFunction will never pass its input through (118798)

        Merge ToT WebKit r152813, r152818.

    2013-07-17  Filip Pizlo  <fpizlo@apple.com>

            Unreviewed, fix 32-bit after http://trac.webkit.org/changeset/152813

            * dfg/DFGSpeculativeJIT.cpp:
            (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
            * dfg/DFGSpeculativeJIT32_64.cpp:
            (JSC::DFG::SpeculativeJIT::compile):

    2013-07-17  Filip Pizlo  <fpizlo@apple.com>

            DFG assumes that NewFunction will never pass its input through
            https://bugs.webkit.org/show_bug.cgi?id=118798

            Reviewed by Sam Weinig.

            Previously the DFG was assuming that NewFunction always returns a function. That's not
            the case. It may return whatever was passed to it, if it wasn't passed SpecEmpty.

            This fact needed to be wired through the compiler.

            * dfg/DFGAbstractState.cpp:
            (JSC::DFG::AbstractState::executeEffects):
            * dfg/DFGAbstractValue.h:
            (JSC::DFG::AbstractValue::makeTop):
            (JSC::DFG::Graph::dump):
            * dfg/DFGOperations.cpp:
            * dfg/DFGOperations.h:
            * dfg/DFGPredictionPropagationPhase.cpp:
            (JSC::DFG::PredictionPropagationPhase::propagate):
            * dfg/DFGSpeculativeJIT.h:
            (JSC::DFG::SpeculativeJIT::callOperation):
            * dfg/DFGSpeculativeJIT32_64.cpp:
            (JSC::DFG::SpeculativeJIT::compile):
            * dfg/DFGSpeculativeJIT64.cpp:
            (JSC::DFG::SpeculativeJIT::compile):
2013-07-10  Oliver Hunt  <oliver@apple.com>

        <rdar://problem/14417366> JavaScriptCore Uninitialized Memory Vulnerability [V-v31xnbnoc5]

        Merge OpenSource r152573

    2013-07-10  Oliver Hunt  <oliver@apple.com>

            NativeExecutable cache needs to use both call and construct functions for key
            https://bugs.webkit.org/show_bug.cgi?id=118545

            Reviewed by Geoffrey Garen.

            Make the native executable cache make use of a key pair so we don't decide to
            treat all subsequent functions as not being constructors.

            (JSC::JITThunks::hostFunctionStub):
            * runtime/JSBoundFunction.cpp:
            (JSC::JSBoundFunction::create):
            * runtime/JSCell.cpp:
            (JSC::JSCell::getCallData):
            (JSC::JSCell::getConstructData):
2013-07-01  Joseph Pecoraro  <pecoraro@apple.com>

        <rdar://problem/14308371> Gracefully handle dropping support for <input type="datetime">

        Drop the ENABLE so that <input type="datetime"> falls back to the
        appearance of an <input type="text">. It was already handled like
        a text field due to RuntimeEnabledFeatures.

        * Configurations/FeatureDefines.xcconfig:
2013-07-01  Mark Hahnenberg  <mhahnenberg@apple.com>

        <rdar://problem/14171014> Seed 1 #2 hang - MobileSafari failed to resume in time (0x8badf00d) due to JSLock deadlock between Reader detection and JS confirm dialog

        Reviewed by Geoff Garen.

        DropAllLocks needs to be more judicious with locking the SpinLock when modifying
        any of JSLock's auxiliary variables (e.g. m_lockCount, m_ownerThread, etc.).

        * runtime/JSLock.cpp:
        (JSC::JSLock::unlock):
        (JSC::JSLock::dropAllLocks): Changed to require a held SpinLock as an argument.
        (JSC::JSLock::dropAllLocksUnconditionally): Ditto.
        (JSC::JSLock::grabAllLocks): Ditto. Also now unlocks the SpinLock around acquiring
        the mutex and then reacquires it after it gets the mutex. We have to do this since we
        no longer control the locking of the SpinLock.
        (JSC::JSLock::DropAllLocks::DropAllLocks): DropAllLocks now takes the SpinLock before
        calling the helper functions.
        (JSC::JSLock::DropAllLocks::~DropAllLocks): Similarly, ~DropAllLocks now takes the SpinLock
        before calling grabAllLocks.
2013-06-28  Mark Hahnenberg  <mhahnenberg@apple.com>

        J85: 11B404: Very high JIT memory usage in vmmap
        <rdar://problem/14235816>

        Rubber stamped by Geoff Garen.

        CPU(ARM) doesn't include CPU(ARM64), which is how we determine the size of our fixed
        pool of executable memory.

        * jit/ExecutableAllocator.h:
2013-06-26  Anders Carlsson  <andersca@apple.com>

        <rdar://problem/14279905> Add JSStringCreateWithCharactersNoCopy SPI (118074)

        Merge ToT WebKit r152052.

    2013-06-26  Anders Carlsson  <andersca@apple.com>

            Add JSStringCreateWithCharactersNoCopy SPI
            https://bugs.webkit.org/show_bug.cgi?id=118074
            <rdar://problem/14279905>

            Reviewed by Geoffrey Garen.

            * API/JSStringRef.cpp:
            (JSStringCreateWithCharactersNoCopy):
            Create a new OpaqueJSString, using the newly added StringImpl::createWithoutCopying function.

            * API/JSStringRefPrivate.h: Added.
            Add a home for the JSStringCreateWithCharactersNoCopy function.

            * API/OpaqueJSString.h:
            (OpaqueJSString::OpaqueJSString):
            Just call isolatedCopy on the passed in string.

            * API/tests/testapi.c:
            Add an API test for JSStringCreateWithCharactersNoCopy.

            * JavaScriptCore.xcodeproj/project.pbxproj:
2013-05-30  David Farler  <dfarler@apple.com>

        <rdar://problem/13952116> run-javascriptcore-tests always returns 0 on Mountain Lion

        Merged ToT WebKit r150998

    2013-05-30  David Farler  <dfarler@apple.com>

            Fix jscore-test when not using --sdk option with jsDriver.pl
            https://bugs.webkit.org/show_bug.cgi?id=116339

            Reviewed by Joe Pecoraro.

            * tests/mozilla/jsDriver.pl:
            With each test, the shell_command needs to be started from scratch.
            This fix will clear the shell_command and start over as before with
            the opt_arch option when not using --sdk with jsDriver.pl.
2013-05-30  David Farler  <dfarler@apple.com>

        <rdar://problem/13952116> run-javascriptcore-tests always returns 0 on Mountain Lion

        Merged ToT WebKit r150994

    2013-05-22  David Farler  <dfarler@apple.com>

            Add --sdk option to jsDriver.pl to run with iOS Simulator
            https://bugs.webkit.org/show_bug.cgi?id=116339

            Reviewed by David Kilzer.

            * tests/mozilla/jsDriver.pl:
            Prefix shell command with the path to the "sim" tool.
            Add -d / --sdk option.
            Help message for -d / --sdk option.
2013-05-29  Roger Fong  <roger_fong@apple.com>

        Disable some feature flags.
        <rdar://problem/12952646>.

        Rubber-stamped by Jon Lee.

        ENABLE_CSS_COMPOSITING
        ENABLE_CSS_EXCLUSIONS
        ENABLE_IFRAME_SEAMLESS
        ENABLE_CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED
        ENABLE_SHARED_WORKERS

        * Configurations/FeatureDefines.xcconfig:
2013-05-23  Chris Fleizach  <cfleizach@apple.com>

        <rdar://problem/13974584> WEB SPEECH: enable WebSpeech for iOS

        Reviewed by David Kilzer.

        * Configurations/FeatureDefines.xcconfig:
2013-05-22  David Farler  <dfarler@apple.com>

        Add --sdk flag to jsDriver.pl to allow running in the iOS simulator
        https://bugs.webkit.org/show_bug.cgi?id=116339

        Reviewed by Joe Pecoraro.

        * tests/mozilla/jsDriver.pl:
        Use -find to prevent false return 0 from xcrun on Mountain Lion.
2013-05-20  Oliver Hunt  <oliver@apple.com>

        <rdar://problem/11855076> CrashTracer: Crash ReaderController::collectReadingListItemInformation() due to passing a NULL ctx to JSValueIsObject(

        Merged ToT WebKit r150381

    2013-05-20  Oliver Hunt  <oliver@apple.com>

            Make C API more robust against null contexts
            https://bugs.webkit.org/show_bug.cgi?id=116462

            Reviewed by Anders Carlsson.

            Handle null contexts in a non-crashy way. It's a bug to ever call the
            API with a null context, and the absence of a context means we can't
            produce a meaningful result, so we still assert in debug builds.
            Now where possible we detect and early return, returning null for any
            pointer type, NaN for doubles, and false for any boolean result.

            (JSCheckScriptSyntax):
            (JSReportExtraMemoryCost):
            * API/JSContextRef.cpp:
            (JSContextGetGlobalObject):
            (JSContextGetGlobalContext):
            (JSContextCreateBacktrace):
            * API/JSObjectRef.cpp:
            (JSObjectMakeFunctionWithCallback):
            (JSObjectMakeConstructor):
            (JSObjectMakeFunction):
            (JSObjectMakeRegExp):
            (JSObjectGetPrototype):
            (JSObjectSetPrototype):
            (JSObjectHasProperty):
            (JSObjectGetProperty):
            (JSObjectSetProperty):
            (JSObjectGetPropertyAtIndex):
            (JSObjectSetPropertyAtIndex):
            (JSObjectDeleteProperty):
            (JSObjectCopyPropertyNames):
            * API/JSValueRef.cpp:
            (JSValueIsUndefined):
            (JSValueIsObjectOfClass):
            (JSValueIsStrictEqual):
            (JSValueIsInstanceOfConstructor):
            (JSValueMakeUndefined):
            (JSValueMakeBoolean):
            (JSValueMakeFromJSONString):
            (JSValueCreateJSONString):
            (JSValueToStringCopy):
            * API/JSWeakObjectMapRefPrivate.cpp:
2013-05-17  David Farler  <dfarler@apple.com>

        <rdar://problem/13907880> MobileSafari buildbot: jscore-test fails for the simulator: dyld: Symbol not found: _objc_isAuto

        Reviewed by David Kilzer and Joe Pecoraro.

        * tests/mozilla/jsDriver.pl: Add -d/--sdk option to use a simulator SDK.
        (execute_tests): Prefix jsc command with xcrun sim call if SDK is set.
2013-05-15  Oliver Hunt  <oliver@apple.com>

        <rdar://problem/13888177> REGRESSION: Crash beneath createScriptCallStackFromException @ www.cars.com

        Merged ToT WebKit 150160

    2013-05-15  Oliver Hunt  <oliver@apple.com>

            RefCountedArray needs to use vector initialisers for its backing store
            https://bugs.webkit.org/show_bug.cgi?id=116194

            Reviewed by Gavin Barraclough.

            Use an out of line function to clear the exception stack to avoid
            needing to include otherwise unnecessary headers all over the place.
            Everything else is just being updated to use that.

            * bytecompiler/BytecodeGenerator.cpp:
            * interpreter/CallFrame.h:
            (JSC::ExecState::clearSupplementaryExceptionInfo):
            * interpreter/Interpreter.cpp:
            (JSC::Interpreter::addStackTraceIfNecessary):
            (JSC::Interpreter::throwException):
            * runtime/JSGlobalObject.cpp:
            (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
            (JSC::VM::clearExceptionStack):
            (JSC::VM::exceptionStack):
2013-05-14  Mark Lam  <mark.lam@apple.com>

        Rename globalData to vm to match the renaming in the rest of the code.
        This unbreaks the debug build for arm64.

        Reviewed by Mark Hahnenberg.

        (JSC::performPlatformSpecificJITAssertions):
2013-05-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        <rdar://problem/13889005> Objective-C API: Bridging between C API and Obj-C API should be part of the public interface

        Merged ToT WebKit r149401

    2013-04-30  Geoffrey Garen  <ggaren@apple.com>

            Objective-C JavaScriptCore API should publicly support bridging to C
            https://bugs.webkit.org/show_bug.cgi?id=115447

            Reviewed by Mark Hahnenberg.

            For consistency, I renamed

                +[JSValue valueWithValue:] => +[JSValue valueWithJSValueRef]
                +[JSContext contextWithGlobalContextRef] => +[JSContext contextWithJSGlobalContextRef]
                -[JSContext globalContext] => -[JSContext JSGlobalContextRef]

            I searched svn to verify that these functions don't have clients yet,
            so we won't break anything.

            I also exported as public API

                +[JSValue valueWithJSValueRef:]
                +[JSContext contextWithJSGlobalContextRef:]

            It's hard to integrate with the C API without these.
2013-05-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        <rdar://problem/13877067> REGRESSION: Deadlock in AdSheet during JavaScript GC

        Merged ToT WebKit r150050.

    2013-05-13  Mark Hahnenberg  <mhahnenberg@apple.com>

            Objective-C API: scanExternalObjectGraph should not create new JSVirtualMachine wrappers
            https://bugs.webkit.org/show_bug.cgi?id=116074

            If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the
            scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the
            JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM.
            If this happens on a GC thread other than the "main" thread, we will deadlock. The solution
            is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early.

            Reviewed by Darin Adler.

            * API/JSVirtualMachine.mm:
            (scanExternalObjectGraph):
2013-05-09  Michael Saboff  <msaboff@apple.com>

        Merged ToT WebKit r149821.

    2013-05-08  Michael Saboff  <msaboff@apple.com>

            JSC: There should be a disassembler for ARM Thumb 2
            https://bugs.webkit.org/show_bug.cgi?id=115827

            Reviewed by Filip Pizlo.

            Added a new disassembler for ARMv7 Thumb2 instructions for use by the JSC debugging
            and profiling code. The opcode coverage is currently not complete. It covers all
            of the integer instructions JSC currently emits, but only a limited number of
            floating point opcodes. Currently that is just the 64 bit vmov and vmsr instructions.

            The disassembler is structured as a base opcode class ARMv7DOpcode with sub-classes
            for each instruction group. There is a public format method that does the bulk of
            the disassembly work. There are two broad sub-classes, ARMv7D16BitOpcode and
            ARMv7D32BitOpcode, for the 16 bit and 32 bit opcodes. There are sub-classes under
            those two classes for individual and related groups of opcodes. Instructions are
            "dispatched" to the right subclass via two arrays of linked lists in the inner classes
            OpcodeGroup. There is one such inner class for each ARMv7D16BitOpcode and ARMv7D32BitOpcode.
            Each OpcodeGroup has a mask and a pattern that it applies to the instruction to determine
            that it matches a particular group. OpcodeGroup uses a static method to reinterpret_cast
            the Opcode object to the right base class for the instruction group for formatting.
            The cast eliminates the need of allocating an object for each decoded instruction.
            Unknown instructions are formatted as ".word 1234" or ".long 12345678" depending whether
            the instruction is 16 or 32 bit.

            * JavaScriptCore.xcodeproj/project.pbxproj:
            * disassembler/ARMv7: Added.
            * disassembler/ARMv7/ARMv7DOpcode.cpp: Added.
            (OpcodeGroupInitializer):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::init):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::startITBlock):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::saveITConditionAt):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::fetchOpcode):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::disassemble):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::bufferPrintf):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionName):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterName):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterList):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendFPRegisterName):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::init):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::doDisassemble):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::defaultFormat):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::format):
            (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::init):
            (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::doDisassemble):
            (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::defaultFormat):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::appendModifiedImmediate):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::appendImmShift):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::appendFPRegister):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::format):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::format):
            * disassembler/ARMv7/ARMv7DOpcode.h: Added.
            (JSC::ARMv7Disassembler::ARMv7DOpcode::ARMv7DOpcode):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::is32BitInstruction):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::isFPInstruction):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::conditionName):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::shiftName):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::inITBlock):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::startingITBlock):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::endITBlock):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionNameNoITBlock):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSeparator):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendCharacter):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendString):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftType):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSignedImmediate):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendUnsignedImmediate):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendPCRelativeOffset):
            (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftAmount):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::OpcodeGroup):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::setNext):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::next):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::matches):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::format):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rm):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rd):
            (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::opcodeGroupNumber):
            (ARMv7DOpcodeAddRegisterT2):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rdn):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rm):
            (ARMv7DOpcodeAddSPPlusImmediate):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::rd):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::immediate8):
            (ARMv7DOpcodeAddSubtract):
            (ARMv7DOpcodeAddSubtractT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::op):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rm):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rn):
            (ARMv7DOpcodeAddSubtractImmediate3):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::op):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::rn):
            (ARMv7DOpcodeAddSubtractImmediate8):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::op):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::rdn):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::immediate8):
            (ARMv7DOpcodeBranchConditionalT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::condition):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::offset):
            (ARMv7DOpcodeBranchExchangeT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::rm):
            (ARMv7DOpcodeBranchT2):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::immediate11):
            (ARMv7DOpcodeCompareImmediateT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::rn):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::immediate8):
            (ARMv7DOpcodeCompareRegisterT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::rn):
            (ARMv7DOpcodeCompareRegisterT2):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rn):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rm):
            (ARMv7DOpcodeDataProcessingRegisterT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::op):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rm):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rdn):
            (ARMv7DOpcodeGeneratePCRelativeAddress):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::rd):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::immediate8):
            (ARMv7DOpcodeLoadFromLiteralPool):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::rt):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::immediate8):
            (ARMv7DOpcodeLoadStoreRegisterImmediate):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::op):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::immediate5):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rn):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rt):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale):
            (ARMv7DOpcodeLoadStoreRegisterImmediateWordAndByte):
            (ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord):
            (ARMv7DOpcodeLoadStoreRegisterOffsetT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opB):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rm):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rn):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rt):
            (ARMv7DOpcodeLoadStoreRegisterSPRelative):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::op):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::rt):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::immediate8):
            (ARMv7DOpcodeLogicalImmediateT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::op):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::immediate5):
            (ARMv7DOpcodeMiscAddSubSP):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::op):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::immediate7):
            (ARMv7DOpcodeMiscByteHalfwordOps):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::op):
            (ARMv7DOpcodeMiscBreakpointT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::immediate8):
            (ARMv7DOpcodeMiscCompareAndBranch):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::op):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::immediate6):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::rn):
            (ARMv7DOpcodeMiscHint16):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opA):
            (ARMv7DOpcodeMiscIfThenT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::firstCondition):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::mask):
            (ARMv7DOpcodeMiscPushPop):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::opName):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::op):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::registerMask):
            (ARMv7DOpcodeMoveImmediateT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::rd):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::immediate8):
            (ARMv7DOpcodeMoveRegisterT1):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rd):
            (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rm):
            (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::OpcodeGroup):
            (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::setNext):
            (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::next):
            (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::matches):
            (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::format):
            (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rd):
            (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rm):
873 (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rn):
874 (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rt):
875 (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::opcodeGroupNumber):
876 (ARMv7DOpcodeBranchRelative):
877 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::sBit):
878 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j1):
879 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j2):
880 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::immediate11):
881 (ARMv7DOpcodeConditionalBranchT3):
882 (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::offset):
883 (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::condition):
884 (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::immediate6):
885 (ARMv7DOpcodeBranchOrBranchLink):
886 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::offset):
887 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::immediate10):
888 (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::isBL):
889 (ARMv7DOpcodeDataProcessingLogicalAndRithmetic):
890 (ARMv7DOpcodeDataProcessingModifiedImmediate):
891 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::opName):
892 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::op):
893 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::sBit):
894 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::immediate12):
895 (ARMv7DOpcodeDataProcessingShiftedReg):
896 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::opName):
897 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::sBit):
898 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::op):
899 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::immediate5):
900 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::type):
901 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tbBit):
902 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tBit):
903 (ARMv7DOpcodeDataProcessingReg):
904 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op1):
905 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op2):
906 (ARMv7DOpcodeDataProcessingRegShift):
907 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::opName):
908 (ARMv7DOpcodeDataProcessingRegExtend):
909 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendName):
910 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendAndAddName):
911 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::rotate):
912 (ARMv7DOpcodeDataProcessingRegParallel):
913 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::opName):
914 (ARMv7DOpcodeDataProcessingRegMisc):
915 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::opName):
916 (ARMv7DOpcodeHint32):
917 (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::opName):
918 (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::isDebugHint):
919 (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::debugOption):
920 (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::op):
921 (ARMv7DOpcodeFPTransfer):
922 (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opH):
923 (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opL):
924 (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::rt):
925 (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opC):
926 (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opB):
927 (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vd):
928 (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vn):
929 (ARMv7DOpcodeDataLoad):
930 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::opName):
931 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::op):
932 (ARMv7DOpcodeLoadRegister):
933 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::immediate2):
934 (ARMv7DOpcodeLoadSignedImmediate):
935 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::pBit):
936 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::uBit):
937 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::wBit):
938 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::immediate8):
939 (ARMv7DOpcodeLoadUnsignedImmediate):
940 (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::immediate12):
941 (ARMv7DOpcodeLongMultipleDivide):
942 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::opName):
943 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlalOpName):
944 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlaldOpName):
945 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlsldOpName):
946 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdLo):
947 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdHi):
948 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op1):
949 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op2):
950 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::nBit):
951 (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::mBit):
952 (ARMv7DOpcodeDataPushPopSingle):
953 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::opName):
954 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::op):
955 (ARMv7DOpcodeDataStoreSingle):
956 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::opName):
957 (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::op):
958 (ARMv7DOpcodeStoreSingleImmediate12):
959 (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::immediate12):
960 (ARMv7DOpcodeStoreSingleImmediate8):
961 (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::pBit):
962 (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::uBit):
963 (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::wBit):
964 (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::immediate8):
965 (ARMv7DOpcodeStoreSingleRegister):
966 (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::immediate2):
967 (ARMv7DOpcodeUnmodifiedImmediate):
968 (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::opName):
969 (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::op):
970 (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::shBit):
971 (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::bitNumOrSatImmediate):
972 (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate5):
973 (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate12):
974 (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate16):
975 (ARMv7DOpcodeVMOVDoublePrecision):
976 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op):
977 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2):
978 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt):
979 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm):
980 (ARMv7DOpcodeVMOVSinglePrecision):
981 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op):
982 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2):
983 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt):
984 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm):
986 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL):
987 (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt):
988 * disassembler/ARMv7Disassembler.cpp: Added.
989 (JSC::tryToDisassemble):
991 2013-04-29 David Kilzer <ddkilzer@apple.com>
993 <rdar://problem/13443266> Make sure that CSS shaders are not enabled when we ship Innsbruck
995 Reviewed by Joseph Pecoraro.
997 * Configurations/FeatureDefines.xcconfig: Turn off
998 ENABLE_CSS_SHADERS on iOS.
1000 2013-04-26 Benjamin Poulain <bpoulain@apple.com>
1002 Use frintp instead of calling ceil() on ARMv8
1004 Reviewed by Filip Pizlo.
1006 Like floor(), it is about two times faster than calling the C function.
1008 * assembler/MacroAssemblerARM64.h:
1009 (JSC::MacroAssemblerARM64::ceilDouble):
1010 (MacroAssemblerARM64):
1011 * jit/ThunkGenerators.cpp:
1012 (JSC::ceilThunkGenerator):
1014 2013-04-25 Mark Hahnenberg <mhahnenberg@apple.com>
1016 Support OS-version-specific install paths for JavaScriptCore.framework
1017 <rdar://problem/13696872>
1019 Reviewed by David Kilzer.
1021 * API/JSBase.cpp: Added special symbols that tell the linker where to find JSC on older systems.
1023 2013-04-25 Benjamin Poulain <bpoulain@apple.com>
1025 Use frintm instead of calling floor() on ARMv8
1027 Reviewed by Filip Pizlo.
1029 We can do floor() in one instruction on ARMv8. Add floorDouble() to the
1030 MacroAssembler and use that instead of invoking the C function floor().
1032 * assembler/MacroAssemblerARM64.h:
1033 (JSC::MacroAssemblerARM64::floorDouble):
1034 (MacroAssemblerARM64):
1035 * jit/ThunkGenerators.cpp:
1036 (JSC::floorThunkGenerator):
1038 2013-04-25 Benjamin Poulain <bpoulain@apple.com>
1040 Special thunks for math functions should work on ARMv8
1042 Reviewed by Filip Pizlo.
1044 * jit/ThunkGenerators.cpp:
1045 Add ARMv8 thunks for math functions similar to Filip's optimization
1048 2013-04-25 Michael Saboff <msaboff@apple.com>
1050 <rdar://problem/13716112> PEP Web: N41/11A344: MobileSafari crashed at JSC::speculationFromValue when running Alexa test.
1052 Merged ToT WebKit r149128.
1054 2013-04-25 Michael Saboff <msaboff@apple.com>
1056 32 Bit: Crash due to RegExpTest nodes not setting result type to Boolean
1057 https://bugs.webkit.org/show_bug.cgi?id=115188
1059 Reviewed by Geoff Garen.
1061 Changed the RegExpTest node to set the AbstractValue to boolean, since that
1064 * dfg/DFGAbstractState.cpp:
1065 (JSC::DFG::AbstractState::executeEffects):
1067 2013-04-24 Filip Pizlo <fpizlo@apple.com>
1069 Merge r149082. Nice speedup on Kraken with ARMv7.
1071 2013-04-24 Filip Pizlo <fpizlo@apple.com>
1073 Special thunks for math functions should work on ARMv7
1074 https://bugs.webkit.org/show_bug.cgi?id=115144
1076 Reviewed by Gavin Barraclough and Oliver Hunt.
1078 The only hard bit here was ensuring that we implemented the very special
1079 "cheap C call" convention on ARMv7.
1081 * assembler/AbstractMacroAssembler.h:
1086 * jit/SpecializedThunkJIT.h:
1087 (SpecializedThunkJIT):
1088 (JSC::SpecializedThunkJIT::callDoubleToDoublePreservingReturn):
1089 * jit/ThunkGenerators.cpp:
1090 (JSC::floorThunkGenerator):
1091 (JSC::ceilThunkGenerator):
1092 (JSC::roundThunkGenerator):
1093 (JSC::expThunkGenerator):
1094 (JSC::logThunkGenerator):
1096 2013-04-08 David Farler <dfarler@apple.com>
1098 <rdar://problem/13598231> jsc codesign is failing on engineering
1099 builds and on some buildbots
1101 Reviewed by NOBODY (OOPS!).
1103 For the simulator, the tail end of the invocation is ending up
1104 as "... --entitlements jsc", because there are no entitlements
1107 For the device, we have to use --force to protect incremental
1108 builds. If jsc isn't rebuilt and copied, it'll already be signed
1109 and codesign will return non-zero even though nothing is wrong.
1111 * JavaScriptCore.xcodeproj/project.pbxproj:
1112 - Add a check for $CODE_SIGNING_ALLOWED &&
1113 $AD_HOC_CODE_SIGNING_ALLOWED around the resigning block.
1114 - Add --force to the codesign invocation to protect second-round
1116 - Use one invocation of codesign with ${CODE_SIGN_IDENTITY:=-}
1117 instead of an if statement.
1119 2013-04-07 David Farler <dfarler@apple.com>
1121 <rdar://problem/10387627> MAP_JIT Entitlements set inconsistently for jsc command-line binaries
1123 Reviewed by NOBODY (OOPS!).
1125 * JavaScriptCore.xcodeproj/project.pbxproj:
1126 If the configuration is Production or the action is "install",
1127 the install path for jsc will be set to the framework path and
1130 For other configurations and actions, the jsc binary is placed
1131 in the build products directory and is also signed.
1133 However, when copying that binary into the framework, the code
1134 signature is lost. We can resign the binary with the same
1135 entitlements and identity (parameterized for safety here, but
1136 ad-hoc in practice).
1138 2013-03-19 Joseph Pecoraro <pecoraro@apple.com>
1140 <rdar://problem/8939634> Sub-TLF: Add JS APIs to trigger AirPlay from web pages, for HTML5 <video>
1142 Add ENABLE(IOS_AIRPLAY) guard for iOS airplay feature enhancements.
1144 Reviewed by David Kilzer.
1146 * Configurations/FeatureDefines.xcconfig:
1148 2013-03-30 David Kilzer <ddkilzer@apple.com>
1150 <rdar://problem/13541888> Innsbruck11A321: checkForBugs: realpath() failed on /BuildRoot/…/PrivateFrameworks/JavaScriptCore.framework/JavaScriptCore
1152 Reviewed by Mark Hahnenberg.
1154 * JavaScriptCore.xcodeproj/project.pbxproj:
1155 (Add symlink from public to private framework): Create relative
1156 symlink instead of absolute symlink.
1158 2013-03-29 Mark Hahnenberg <mhahnenberg@apple.com>
1160 <rdar://problem/13351449> Objective-C API: Move JSC framework to public frameworks directory on Innsbruck
1162 Reviewed by NOBODY (OOPS!).
1164 Change JavaScriptCore to be installed into the public Frameworks directory. Also add a symlink between the
1165 new and old location in case other projects link against JSC's absolute path.
1167 * Configurations/Base.xcconfig:
1168 * JavaScriptCore.xcodeproj/project.pbxproj:
1170 2013-03-22 Andy Estes <aestes@apple.com>
1172 <rdar://problem/13469374> Enable cache partitioning on iOS WebKit
1174 Re-enable the feature after I rolled it out in r1197821.
1176 * Configurations/FeatureDefines.xcconfig:
1178 2013-03-22 Andy Estes <aestes@apple.com>
1180 <rdar://problem/13469374> Enable cache partitioning on iOS WebKit
1182 Patch by Jeffrey Pfau.
1183 Rubber-stamped by David Kilzer.
1185 * Configurations/FeatureDefines.xcconfig:
1187 2013-03-20 Yongjun Zhang <yongjun_zhang@apple.com>
1189 <rdar://problem/13406788> Crash in JSC::CodeBlock::handlerForBytecodeOffset loading nba.com with merge #7
1191 Merged ToT WebKit r146255.
1193 2013-03-19 Oliver Hunt <oliver@apple.com>
1195 RELEASE_ASSERT fires in exception handler lookup
1199 Temporarily switch this RELEASE_ASSERT into a regular ASSERT
1200 as currently this is producing fairly bad crashiness.
1202 * bytecode/CodeBlock.cpp:
1203 (JSC::CodeBlock::handlerForBytecodeOffset):
1205 2013-03-16 Pratik Solanki <psolanki@apple.com>
1207 <rdar://problem/13425917> ImageBufferData::getData taking 14x (36ms -> 535ms) more time on apple.com webpage
1209 Reviewed by Joseph Pecoraro.
1211 Turn off ENABLE_HIGH_DPI_CANVAS on iOS. It got enabled by mistake in merge #4 <rdar://problem/12511066>.
1213 * Configurations/FeatureDefines.xcconfig:
1215 2013-03-14 Mark Hahnenberg <mhahnenberg@apple.com>
1217 Merge of ToT WebKit r145842 for <rdar://problem/13422001>.
1219 2013-03-14 Mark Hahnenberg <mhahnenberg@apple.com>
1221 Objective-C API: Nested dictionaries are not converted properly in the Objective-C binding
1222 https://bugs.webkit.org/show_bug.cgi?id=112377
1224 Reviewed by Oliver Hunt.
1226 Accidental reassignment of the root task in the container conversion logic was causing the last
1227 array or dictionary processed to be returned in the case of nested containers.
1230 (containerValueToObject):
1231 * API/tests/testapi.mm:
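Added example (Python, not the Objective-C conversion code from the entry above) reproducing the shape of the bug it describes, side by side with the fix: a converter that drains an explicit task stack must keep a separate reference to the root result, because reusing the loop variable that held the root makes the function return whatever container it processed last. NSArray and NSDictionary here are plain Python subclasses standing in for the Foundation types; Task, convert_buggy and convert_fixed are this example's own names.

```python
"""Worklist-based conversion of nested containers: buggy and fixed forms.

Added example, not JavaScriptCore code. The Foundation types are stand-ins.
"""
from dataclasses import dataclass


class NSArray(list):
    """Stand-in for the converted array type."""


class NSDictionary(dict):
    """Stand-in for the converted dictionary type."""


@dataclass
class Task:
    source: object   # JS-side container being converted (a list or dict here)
    target: object   # converted container being filled in


def _new_task(value) -> Task:
    return Task(value, NSArray() if isinstance(value, list) else NSDictionary())


def _fill(task: Task, stack: list) -> None:
    """Copy leaves into task.target; each nested container gets its own task,
    and its (still empty) converted container is linked into the parent now,
    so element order is preserved whatever order the stack is drained in."""
    items = enumerate(task.source) if isinstance(task.source, list) else task.source.items()
    for key, item in items:
        if isinstance(item, (list, dict)):
            child = _new_task(item)
            stack.append(child)
            converted = child.target
        else:
            converted = item
        if isinstance(task.target, NSArray):
            task.target.append(converted)
        else:
            task.target[key] = converted


def convert_buggy(value):
    """Returns the last container processed instead of the root (the bug)."""
    if not isinstance(value, (list, dict)):
        return value
    task = _new_task(value)
    stack = [task]
    while stack:
        task = stack.pop()        # BUG: clobbers the variable that held the root
        _fill(task, stack)
    return task.target


def convert_fixed(value):
    """Keeps the root task in its own variable, separate from the loop variable."""
    if not isinstance(value, (list, dict)):
        return value
    root = _new_task(value)
    stack = [root]
    while stack:
        task = stack.pop()
        _fill(task, stack)
    return root.target
```

With a flat input both versions agree, which is why the bug only shows up for nested containers: the root task is also the last one processed.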
1233 2013-03-11 Michael Saboff <msaboff@apple.com>
1235 Merge of ToT WebKit r145417.
1237 2013-03-11 Michael Saboff <msaboff@apple.com>
1239 Crash beneath operationCreateInlinedArguments running fast/js/dfg-create-inlined-arguments-in-closure-inline.html (32-bit only)
1240 https://bugs.webkit.org/show_bug.cgi?id=112067
1242 Reviewed by Geoffrey Garen.
1244 We weren't setting the tag in SetCallee. Therefore set it to CellTag.
1246 * dfg/DFGSpeculativeJIT32_64.cpp:
1247 (JSC::DFG::SpeculativeJIT::compile):
1249 2013-03-07 Michael Saboff <msaboff@apple.com>
1251 Merge ToT WebKit r145150.
1253 2013-03-07 Michael Saboff <msaboff@apple.com>
1255 Crash when updating predictions below JSC::arrayProtoFuncForEach on tuaw.com article
1256 https://bugs.webkit.org/show_bug.cgi?id=111777
1258 Reviewed by Filip Pizlo.
1260 Moved register allocations to be above any generated control flow so that any
1261 resulting spill would be visible to all subsequently generated code.
1263 * dfg/DFGSpeculativeJIT32_64.cpp:
1264 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1265 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1266 (JSC::DFG::SpeculativeJIT::compile):
1267 * dfg/DFGSpeculativeJIT64.cpp:
1268 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1269 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1270 (JSC::DFG::SpeculativeJIT::compile):
1272 2013-03-06 Michael Saboff <msaboff@apple.com>
1274 <rdar://problem/13319989> GPRInfo.debugName for CPU(ARM) is wrong (and might be wrong for CPU(ARM64) as well)
1276 Reviewed by David Kilzer.
1278 Restored THUMB2 to what is in open source and cleaned up ARM64 for both toIndex() and debugName(). Added
1279 static_cast's to ARM64 code.
1282 (JSC::DFG::GPRInfo::toIndex):
1283 (JSC::DFG::GPRInfo::debugName):
1285 2013-03-06 Mark Hahnenberg <mhahnenberg@apple.com>
1287 Merge ToT WebKit r143637 and follow-up build fixes r143750, r144545, r144546, and r144662.
1289 2013-02-20 Mark Hahnenberg <mhahnenberg@apple.com>
1291 Objective-C API: Need a way to use the Objective-C JavaScript API with WebKit
1292 https://bugs.webkit.org/show_bug.cgi?id=106059
1294 Reviewed by Geoffrey Garen.
1296 * API/JSBase.h: Renamed enable flag for API.
1297 * API/JSBlockAdaptor.h: Using new flag.
1298 * API/JSBlockAdaptor.mm: Ditto.
1299 * API/JSContext.h: Add convenience C API conversion function for JSGlobalContextRef.
1301 (-[JSContext JSGlobalContextRef]): Implementation of C API convenience function.
1302 (-[JSContext initWithVirtualMachine:]): We don't use the m_apiData field any more.
1303 (-[JSContext initWithGlobalContextRef:]): init method for allocating new JSContexts given a JSGlobalContextRef.
1304 (-[JSContext dealloc]): No more m_apiData.
1305 (-[JSContext wrapperForObjCObject:]): Renamed wrapperForObject.
1306 (-[JSContext wrapperForJSObject:]): Fetches or allocates the JSValue for the specified JSValueRef in this JSContext.
1307 (+[JSContext contextWithGlobalContextRef:]): Helper function to grab the lightweight JSContext wrapper for a given
1308 JSGlobalContextRef from the global wrapper cache or allocate a new one if there isn't already one.
1309 * API/JSContextInternal.h: New flag, new method declaration for initWithGlobalContextRef.
1310 * API/JSExport.h: New flag.
1311 * API/JSValue.h: New flag and new C API convenience method.
1313 (-[JSValue JSValueRef]): Implementation of the C API convenience method.
1314 (objectToValueWithoutCopy):
1315 (+[JSValue valueWithValue:inContext:]): We now ask the JSContext for an Objective-C JSValue wrapper, which it can cache
1316 in its internal JSWrapperMap.
1317 * API/JSValueInternal.h:
1318 * API/JSVirtualMachine.h:
1319 * API/JSVirtualMachine.mm: Added global cache that maps JSContextGroupRef -> JSVirtualMachine lightweight wrappers.
1322 (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
1323 (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
1324 (-[JSVirtualMachine init]):
1325 (-[JSVirtualMachine initWithContextGroupRef:]):
1326 (-[JSVirtualMachine dealloc]):
1327 (+[JSVirtualMachine virtualMachineWithContextGroupRef:]):
1328 (-[JSVirtualMachine contextForGlobalContextRef:]):
1329 (-[JSVirtualMachine addContext:forGlobalContextRef:]):
1330 * API/JSVirtualMachineInternal.h:
1331 * API/JSWrapperMap.h:
1332 * API/JSWrapperMap.mm:
1333 (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): We use the JSObjectSetPrototype C API call because
1334 setting the __proto__ property causes all sorts of bad things to happen behind the scenes, which can cause crashes based on
1335 when it gets called.
1336 (-[JSWrapperMap initWithContext:]):
1337 (-[JSWrapperMap jsWrapperForObject:]):
1338 (-[JSWrapperMap objcWrapperForJSValueRef:]):
1340 2013-03-01 Dan Bernstein <mitz@apple.com>
1342 Removed unused legacy build configurations
1344 Reviewed by Enrica Casucci.
1346 * JavaScriptCore.xcodeproj/project.pbxproj:
1348 2013-03-01 David Kilzer <ddkilzer@apple.com>
1350 BUILD FIX: testapi should link to Foundation, not CoreFoundation
1352 Merge ToT WebKit r144521.
1354 2013-03-01 David Kilzer <ddkilzer@apple.com>
1356 BUILD FIX: testapi should link to Foundation, not CoreFoundation
1358 * JavaScriptCore.xcodeproj/project.pbxproj: Change testapi to
1359 link to Foundation.framework instead of CoreFoundation.framework
1360 since it uses NS types.
1362 2013-03-01 Michael Saboff <msaboff@apple.com>
1364 Merged ToT WebKit r143667
1366 2013-02-21 Filip Pizlo <fpizlo@apple.com>
1368 Object allocation profiling will refuse to create objects with more than JSFinalObject::maxInlineCapacity() inline slots, but JSFunction::allocationProfile() asserts that the number of inline slots is always what it asked for
1369 https://bugs.webkit.org/show_bug.cgi?id=110519
1370 <rdar://problem/13218566>
1372 Reviewed by Geoffrey Garen.
1374 * runtime/JSFunction.h:
1375 (JSC::JSFunction::allocationProfile):
1377 2013-03-01 Mark Hahnenberg <mhahnenberg@apple.com>
1379 Fix the JavaScriptCoreEmbedded build
1381 Reviewed by David Kilzer.
1383 * API/ObjCCallbackFunction.mm: Include JSCJSValueInlines.h, which has some symbols that weren't making it
1386 2013-02-28 Mark Hahnenberg <mhahnenberg@apple.com>
1388 <rdar://problem/13227154> Objective-C API should work on Innsbruck
1390 Reviewed by David Kilzer.
1392 * API/JSBase.h: Added the inlined version of PLATFORM(IOS) and PLATFORM(IOS_SIMULATOR) to the
1393 JS_OBJC_API_ENABLED macro.
1394 * API/JSContext.h: Made the JSContext class available on 7.0.
1395 * API/JSValue.h: Ditto for JSValue. Also added import for CoreGraphics since some of the JSValue
1396 API uses CoreGraphics types.
1397 * API/JSValue.mm: Added some casting to fix some compiler warnings about double narrowing to float.
1398 (-[JSValue toPoint]):
1399 (-[JSValue toSize]):
1400 * API/JSVirtualMachine.h: Made JSVirtualMachine available on 7.0.
1401 * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.
1403 2013-02-27 Pratik Solanki <psolanki@apple.com>
1405 Merged ToT WebKit r143759, r143765, r143768.
1407 2013-02-22 Geoffrey Garen <ggaren@apple.com>
1411 Fix the 32-bit build by using the right data type in more places.
1413 * runtime/CodeCache.h:
1416 2013-02-22 Geoffrey Garen <ggaren@apple.com>
1420 Fix the 32-bit build by using the right data type.
1422 * runtime/CodeCache.h:
1423 (JSC::CodeCacheMap::find):
1425 2013-02-21 Geoffrey Garen <ggaren@apple.com>
1427 Code cache size should adapt to workload
1428 https://bugs.webkit.org/show_bug.cgi?id=110560
1430 Reviewed by Antti Koivisto.
1432 (*) 5% PLT arithmetic mean speedup
1433 (*) 10% PLT geometric mean speedup
1434 (*) 3.4X microbenchmark speedup
1435 (*) Reduces initial cache capacity by 16X
1437 * runtime/CodeCache.cpp:
1438 (JSC::CodeCache::CodeCache): Updated for interface change.
1440 * runtime/CodeCache.h:
1441 (JSC::SourceCodeValue::SourceCodeValue):
1442 (SourceCodeValue): Turned the cache value into a struct so it can track its age.
1445 (JSC::CodeCacheMap::CodeCacheMap):
1446 (JSC::CodeCacheMap::find):
1447 (JSC::CodeCacheMap::set):
1448 (JSC::CodeCacheMap::clear):
1449 (JSC::CodeCacheMap::pruneIfNeeded):
1450 (CodeCache): Grow and shrink in response to usage.
1452 2013-02-27 Eric Carlson <eric.carlson@apple.com>
1454 <rdar://problem/13305536> Define ENABLE_VIDEO_TRACK again
1456 Reviewed by Dean Jackson.
1458 * Configurations/FeatureDefines.xcconfig: Define ENABLE_VIDEO_TRACK again.
1460 2013-02-21 Andy Estes <aestes@apple.com>
1462 Fix the ARMV7S build.
1464 * dfg/DFGSpeculativeJIT.cpp:
1465 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1466 (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
1468 2013-02-21 Michael Saboff <msaboff@apple.com>
1470 <rdar://problem/13102630> 25-30% regression in V8 RayTrace test with JIT disabled, 11A192 to 11A193
1472 Merge ToT WebKit r143677
1474 2013-02-21 Michael Saboff <msaboff@apple.com>
1476 25-30% regression in V8 RayTrace test in 32 bit builds with JIT disabled
1477 https://bugs.webkit.org/show_bug.cgi?id=110539
1479 Reviewed by Filip Pizlo.
1481 Change the scale used to lookup pointers in JSGlobalObject::m_specialPointers to be 4 bytes for
1482 the 32 bit version of the interpreter.
1484 * llint/LowLevelInterpreter32_64.asm:
1486 2013-02-14 David Kilzer <ddkilzer@apple.com>
1488 <rdar://problem/13208373> Set GCC_WARN_64_TO_32_BIT_CONVERSION=NO for 64-bit archs on all WebKit projects (except ANGLE)
1490 Merge ToT WebKit r142903.
1492 2013-02-14 David Kilzer <ddkilzer@apple.com>
1494 [Mac] Clean up WARNING_CFLAGS
1495 <http://webkit.org/b/109747>
1496 <rdar://problem/13208373>
1498 Reviewed by Mark Rowe.
1500 * Configurations/Base.xcconfig: Use
1501 GCC_WARN_64_TO_32_BIT_CONVERSION to enable and disable
1502 -Wshorten-64-to-32 rather than WARNING_CFLAGS.
1504 2013-02-12 Michael Saboff <msaboff@apple.com>
1506 <rdar://problem/13195432> ARM64: Expand use of temp register cache for store{32,64} immediate
1508 Reviewed by Filip Pizlo.
1510 Added store32 and store64 of immediate operand to paths that try the temporary register cache.
1511 Also added code in tryMoveUsingCacheRegisterContents() to try using mov immediate pseudo before
1512 trying move multiple.
1514 This change is neutral on the normal benchmarks.
1516 * assembler/MacroAssemblerARM64.h:
1517 (JSC::MacroAssemblerARM64::store64):
1518 (JSC::MacroAssemblerARM64::store32):
1519 (JSC::MacroAssemblerARM64::tryMoveUsingCacheRegisterContents):
1520 (JSC::MacroAssemblerARM64::moveToCachedReg):
1522 2013-02-12 Michael Saboff <msaboff@apple.com>
1524 <rdar://problem/13195431> ARM64: Use tst <reg>, #imm where possible
1526 Reviewed by Gavin Barraclough.
1528 Try to see if a tst immediate will work before loading a temporary register and testing against it.
1530 * assembler/MacroAssemblerARM64.h:
1531 (JSC::MacroAssemblerARM64::branchTest32):
1532 (JSC::MacroAssemblerARM64::branchTest64):
1533 * disassembler/ARM64/A64DOpcode.cpp:
1534 (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::format): Fixed spelling of "tst" pseudo.
1536 2013-02-12 Michael Saboff <msaboff@apple.com>
1538 <rdar://problem/13195430> ARM64: Use mov <reg>, #imm where possible instead of move wide
1540 Reviewed by Gavin Barraclough.
1542 Add a check to see if we can use the mov immediate pseudo in moveInternal. If possible, it will
1543 only produce one instruction.
1545 * assembler/MacroAssemblerARM64.h:
1546 (JSC::MacroAssemblerARM64::moveInternal):
1547 * disassembler/ARM64/A64DOpcode.h:
1548 (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::nBit): Fixed disassembler bug for logical immediates.
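Added example (Python, not JavaScriptCore's assembler or disassembler code) illustrating the decision both of the entries above depend on: `tst <reg>, #imm` is an alias of ANDS with a logical immediate, and the `mov <reg>, #imm` pseudo used here is ORR of a logical immediate into the zero register, so both are only available when the constant is a valid AArch64 bitmask immediate (a run of ones, rotated within a 2/4/8/16/32/64-bit element and replicated across the register, encoded as N:immr:imms). The encoder below searches that form directly, the decoder follows the architectural DecodeBitMasks procedure to round-trip it, and select_test_sequence mirrors the branchTest32/64 choice. Function names, the (N, immr, imms) tuple and the w17/x17 scratch register are this example's own conventions.

```python
"""AArch64 logical-immediate encodability: the check behind tst/mov #imm.

Added example, not JavaScriptCore code; names and conventions are its own.
"""


def _rotl(value: int, amount: int, size: int) -> int:
    """Rotate `value` left by `amount` bits within a `size`-bit element."""
    mask = (1 << size) - 1
    amount %= size
    return ((value << amount) | (value >> (size - amount))) & mask


def _replicate(element: int, size: int, width: int) -> int:
    """Tile a `size`-bit element across a `width`-bit register."""
    out = 0
    for _ in range(width // size):
        out = (out << size) | element
    return out


def encode_logical_immediate(imm: int, width: int):
    """Return (N, immr, imms) if `imm` is a valid logical immediate for a
    `width`-bit (32 or 64) operation, else None.

    All-zero and all-ones values are not encodable: the architecture has no
    bitmask encoding for them, so they need MOVZ/MOVN or a register.
    """
    assert width in (32, 64)
    reg_mask = (1 << width) - 1
    imm &= reg_mask
    if imm == 0 or imm == reg_mask:
        return None
    size = 2
    while size <= width:                       # smallest replicating element wins
        element = imm & ((1 << size) - 1)
        if _replicate(element, size, width) == imm:
            for r in range(size):              # rotation that yields 0...01...1
                run = _rotl(element, r, size)
                if run & (run + 1) == 0:       # run == 2^(S+1) - 1
                    s = run.bit_length() - 1   # S field: number of ones minus one
                    n = 1 if size == 64 else 0
                    # imms prefix encodes the element size: 0sssss, 10ssss, 110sss, ...
                    imms = ((~(2 * size - 1)) & 0x3F) | s
                    return n, r, imms
            return None                        # replicated, but not one rotated run
        size <<= 1
    return None


def decode_logical_immediate(n: int, immr: int, imms: int, width: int) -> int:
    """Inverse of encode_logical_immediate (architectural DecodeBitMasks)."""
    length = ((n << 6) | (~imms & 0x3F)).bit_length() - 1
    size = 1 << length
    s = imms & (size - 1)
    r = immr & (size - 1)
    ones = (1 << (s + 1)) - 1
    element = _rotl(ones, size - r, size)      # ROR by r == ROL by size - r
    return _replicate(element, size, width)


def select_test_sequence(reg: str, mask: int, width: int):
    """Mirror the branchTest32/64 choice: one tst when the mask is a logical
    immediate, otherwise materialise it in a scratch register first.
    Returns the instruction list as strings (assembler syntax simplified)."""
    w = "w" if width == 32 else "x"
    if encode_logical_immediate(mask, width) is not None:
        return [f"tst {w}{reg}, #{mask:#x}"]
    return [f"mov {w}17, #{mask:#x}", f"tst {w}{reg}, {w}17"]
```

The disassembler side of the second entry is the decoder: the N bit is what distinguishes a 64-bit element from the smaller sizes, so mishandling it mis-sizes every 64-bit-element immediate while leaving 32-bit cases looking correct.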
1550 2013-02-08 Joseph Pecoraro <pecoraro@apple.com>
1552 <rdar://problem/9489229> Implement Page Visibility API (60576) (html5test.com)
1554 Reviewed by Ian Henderson.
1556 * Configurations/FeatureDefines.xcconfig:
1558 2013-02-06 Joseph Pecoraro <pecoraro@apple.com>
1560 <rdar://problem/13028628> Disable FULLSCREEN_API on iOS
1562 Merge OpenSource r141477.
1564 2013-01-31 Joseph Pecoraro <pecoraro@apple.com>
1566 Disable ENABLE_FULLSCREEN_API on iOS
1567 https://bugs.webkit.org/show_bug.cgi?id=108250
1569 Reviewed by Benjamin Poulain.
1571 * Configurations/FeatureDefines.xcconfig:
1573 2013-02-08 David Kilzer <ddkilzer@apple.com>
1575 <rdar://problem/13147108> PEP Web: REGRESSION: MobileSafari crashed in JSC::Interpreter::execute at loading www.thechive.com when running Alexa test.
1577 Merge ToT WebKit r141168.
1579 2013-01-29 Oliver Hunt <oliver@apple.com>
1581 REGRESSION (r140594): RELEASE_ASSERT_NOT_REACHED in JSC::Interpreter::execute
1582 https://bugs.webkit.org/show_bug.cgi?id=108097
1584 Reviewed by Geoffrey Garen.
1586 LiteralParser was accepting a bogus 'var a.b = c' statement
1588 * runtime/LiteralParser.cpp:
1589 (JSC::::tryJSONPParse):
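Added example (Python, not JavaScriptCore's LiteralParser) of the restricted statement grammar a JSONP fast path is meant to accept: a declaration of a plain identifier, an assignment to a dotted path, or a call on a dotted path, each carrying a JSON literal payload, with anything else (including the `var a.b = c` shape from the entry above) rejected so that the full JavaScript parser, rather than the fast path, decides what the input means. The grammar subset, the returned tuples and the error type are this example's own simplification; the entry does not spell out the complete production rules.

```python
"""Restricted JSONP statement grammar with the 'var a.b = c' rejection.

Added example, not JavaScriptCore code; grammar subset and names are its own.
"""
import json
import re

_IDENT = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")


class JSONPSyntaxError(ValueError):
    """Input is outside the JSONP subset; an engine would fall back to the
    full JavaScript parser (or refuse the input in a JSON-only context)."""


def _json_payload(decoder: json.JSONDecoder, source: str, pos: int):
    """Decode one JSON value at pos; a call, identifier or expression there
    is not JSON and is therefore a syntax error for this grammar."""
    try:
        return decoder.raw_decode(source, pos)
    except json.JSONDecodeError as exc:
        raise JSONPSyntaxError(f"JSON value expected at offset {pos}") from exc


def parse_jsonp(source: str):
    """Return a list of (path, kind, value) per statement: path is a tuple of
    identifiers, kind is 'assign' or 'call', value is the decoded payload."""
    decoder = json.JSONDecoder()
    n = len(source)

    def skip_ws(i: int) -> int:
        while i < n and source[i] in " \t\r\n":
            i += 1
        return i

    def expect_ident(i: int):
        m = _IDENT.match(source, i)
        if not m:
            raise JSONPSyntaxError(f"identifier expected at offset {i}")
        return m.group(), skip_ws(m.end())

    statements = []
    pos = skip_ws(0)
    while pos < n:
        name, pos = expect_ident(pos)
        declared = name == "var"
        if declared:
            name, pos = expect_ident(pos)
        path = [name]
        while pos < n and source[pos] == ".":
            if declared:
                # 'var a.b = ...' names a property, which a declaration cannot do.
                raise JSONPSyntaxError(f"property path not allowed after 'var' at offset {pos}")
            name, pos = expect_ident(skip_ws(pos + 1))
            path.append(name)
        if pos < n and source[pos] == "=":
            kind = "assign"
            value, pos = _json_payload(decoder, source, skip_ws(pos + 1))
        elif pos < n and source[pos] == "(" and not declared:
            kind = "call"
            value, pos = _json_payload(decoder, source, skip_ws(pos + 1))
            pos = skip_ws(pos)
            if pos >= n or source[pos] != ")":
                raise JSONPSyntaxError(f"')' expected at offset {pos}")
            pos += 1
        else:
            raise JSONPSyntaxError(f"'=' or '(' expected at offset {pos}")
        statements.append((tuple(path), kind, value))
        pos = skip_ws(pos)
        if pos < n:
            if source[pos] != ";":
                raise JSONPSyntaxError(f"';' expected at offset {pos}")
            pos = skip_ws(pos + 1)
    return statements


def is_jsonp(source: str) -> bool:
    """True when the whole input lies inside the JSONP subset."""
    try:
        parse_jsonp(source)
        return True
    except JSONPSyntaxError:
        return False
```

The security-relevant property is that the fast path never produces a result the full parser would not: every accepted statement is either a binding of a plain name or a property write or call on an existing path, with a payload that is data rather than code.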
1591 2013-02-07 Michael Saboff <msaboff@apple.com>
1593 <rdar://problem/12540077> ARM64 inline cache patching should be able to deal with negative offsets
1595 Reviewed by Filip Pizlo.
1597 Changed {load,store}{32,64}WithAddressOffsetPatch() to use a sign-extended 32-bit index register
1598 instead of the full 64 bit register. Made repatchInt32() tolerate existing movn instructions in Debug
1599 builds. Reverted back to the default MacroAssembler version of isPtrAlignedAddressOffset().
1601 This patch is neutral on sunspider, v8v7, js-regress and kraken.
1603 * assembler/ARM64Assembler.h:
1604 (JSC::ARM64Assembler::repatchInt32):
1605 * assembler/MacroAssembler.h:
1607 (JSC::MacroAssembler::isPtrAlignedAddressOffset):
1608 * assembler/MacroAssemblerARM64.h:
1609 (MacroAssemblerARM64):
1610 (JSC::MacroAssemblerARM64::load64WithAddressOffsetPatch):
1611 (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
1612 (JSC::MacroAssemblerARM64::store64WithAddressOffsetPatch):
1613 (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
1615 2013-02-05 Michael Saboff <msaboff@apple.com>
1617 <rdar://problem/13144376> PEP Web: REGRESSION: MobileSafari crashed at JSC::call when loading www.gap.com.
1619 Merged r141951: <http://trac.webkit.org/changeset/141951> from open source.
1621 2013-02-05 Michael Saboff <msaboff@apple.com>
1623 Crash at JSC::call when loading www.gap.com with JSVALUE32_64 Enabled
1624 https://bugs.webkit.org/show_bug.cgi?id=108991
1626 Reviewed by Oliver Hunt.
1628 Changed the restoration from calleeGPR to nonArgGPR0 because the restoration of the return location
1629 may step on calleeGPR if it happens to be nonArgGPR2.
1631 * dfg/DFGRepatch.cpp:
1632 (JSC::DFG::dfgLinkClosureCall):
1634 2013-02-04 David Kilzer <ddkilzer@apple.com>
1636 <rdar://problem/12204959> Innsbruck11A161: JavaScriptCore_Sim-1104 fails to installhdrs: 'Availability.h' file not found
1638 Reviewed by Joseph Pecoraro.
1640 Revert r1147142 (using scrub-ifdefs.pl to remove PLATFORM(IOS)
1641 macros from private header files) and instead use a solution
1642 that defines the "WTF_PLATFORM_IOS" macro in JSBase.h in the
1643 absence of the <wtf/Platform.h> header, and switches to using a
1644 check for WTF_PLATFORM_IOS in JSBasePrivate.h.
1646 This also merges ToT WebKit r141786.
1648 * API/JSBase.h: If WTF_PLATFORM_IOS has not been defined,
1649 include TargetConditionals.h and define WTF_PLATFORM_IOS if
1650 we're building for iOS or iOS Simulator.
1651 * API/JSBasePrivate.h: Switch from PLATFORM(IOS) to checking
1653 * API/tests/testapi.c: Remove include of config.h header which
1654 worked around the use of the PLATFORM(IOS) macro in
1656 * JavaScriptCore.xcodeproj/project.pbxproj:
1657 - Remove "Scrub Installed Headers" build phase. (Accidentally
1658 removed in r1177684 with Merge #4.)
1659 - Add PrivateHeaders/JSBasePrivate.h to "Check for Inappropriate
1660 Macros in External Headers" build phase script (merge ToT
1662 * scrub-ifdefs.pl: Remove.
1664 2013-02-04 Michael Saboff <msaboff@apple.com>
1666 <rdar://problem/13091387> Port ARM64 integer division DFG enhancements back to ARMv7s
1668 Although developed first on iOS, I landed this in OpenSource so this change is effectively
1669 a merge back to iOS. Since puzzlebox is ~1 week behind OpenSource, this version doesn't
1670 have the Node& to Node* changes.
1672 2013-02-04 Michael Saboff <msaboff@apple.com>
1674 For ARMv7s use integer divide instruction for divide and modulo when possible
1675 https://bugs.webkit.org/show_bug.cgi?id=108840
1677 Reviewed in person by Filip Pizlo.
1679 Added ARMv7s integer divide path for ArithDiv and ArithMod where operands and results are integer.
1680 This is patterned after the similar code for X86. Also added modulo power of 2 optimization
1681 that uses logical and. Added sdiv and udiv to the ARMv7 disassembler. Put all the changes
1682 behind #if CPU(APPLE_ARMV7S).
1684 * assembler/ARMv7Assembler.h:
1686 (JSC::ARMv7Assembler::sdiv):
1687 (JSC::ARMv7Assembler::udiv):
1689 (JSC::DFG::isARMv7s):
1690 * dfg/DFGFixupPhase.cpp:
1691 (JSC::DFG::FixupPhase::fixupNode):
1692 * dfg/DFGSpeculativeJIT.cpp:
1693 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1694 (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
1695 * dfg/DFGSpeculativeJIT.h:
1697 * dfg/DFGSpeculativeJIT32_64.cpp:
1698 (JSC::DFG::SpeculativeJIT::compile):
1700 2013-02-01 Michael Saboff <msaboff@apple.com>
1702 <rdar://problem/13137591> ARM64: Cache the contents of macro assembler temp register values to use prior contents
1704 Reviewed by Filip Pizlo.
1706 Added CachedTempRegister class to the abstract macro assembler to store the contents and state
1707 of a temp register. Refactored the access and use of temporary registers in A64 macro assembler.
1708 When we want to put an immediate value in a register with wide move instructions, or we want to
1709 load/store using the address in a temporary register, we consult the cache to see if we have a
1710 valid value that we can use all or part of. In the case of a load / store, we first try an offset
1711 to the existing value and then emit one or two movk to change the half word(s) to get the address
1712 we need. For simple uses where we put a temporary value for immediate use, e.g. add immediate,
1713 there isn't any change in functionality. The contents of the cache are invalidated for any label.
1715 Also fixed the canEncodePImmOffset() which had reverse logic to enable use of ldr/str with
1716 scaled positive offsets.
1718 This change is performance neutral on sunspider, a 2.7% speed up on JS-regress and a
1719 1.9% speed up on V8. V8 sped up due to an 8% speed up in raytrace. Code improvement
1720 details are in the radar.
1722 * assembler/ARM64Assembler.h:
1723 (JSC::ARM64Assembler::canEncodePImmOffset):
1724 * assembler/AbstractMacroAssembler.h:
1725 (JSC::AbstractMacroAssembler::Label::Label):
1726 (JSC::AbstractMacroAssembler::Jump::link):
1727 (CachedTempRegister):
1728 (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
1729 (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
1730 (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
1731 (JSC::AbstractMacroAssembler::CachedTempRegister::value):
1732 (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
1733 (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
1734 (AbstractMacroAssembler):
1735 (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
1736 (JSC::AbstractMacroAssembler::isTempRegisterValid):
1737 (JSC::AbstractMacroAssembler::clearTempRegisterValid):
1738 (JSC::AbstractMacroAssembler::setTempRegisterValid):
1739 * assembler/MacroAssemblerARM64.h:
1740 (MacroAssemblerARM64):
1741 (JSC::MacroAssemblerARM64::MacroAssemblerARM64):
1742 (JSC::MacroAssemblerARM64::add32):
1743 (JSC::MacroAssemblerARM64::add64):
1744 (JSC::MacroAssemblerARM64::and32):
1745 (JSC::MacroAssemblerARM64::and64):
1746 (JSC::MacroAssemblerARM64::mul32):
1747 (JSC::MacroAssemblerARM64::or32):
1748 (JSC::MacroAssemblerARM64::or64):
1749 (JSC::MacroAssemblerARM64::sub32):
1750 (JSC::MacroAssemblerARM64::sub64):
1751 (JSC::MacroAssemblerARM64::xor32):
1752 (JSC::MacroAssemblerARM64::xor64):
1753 (JSC::MacroAssemblerARM64::load64):
1754 (JSC::MacroAssemblerARM64::load64WithAddressOffsetPatch):
1755 (JSC::MacroAssemblerARM64::load32):
1756 (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
1757 (JSC::MacroAssemblerARM64::load16):
1758 (JSC::MacroAssemblerARM64::load16Signed):
1759 (JSC::MacroAssemblerARM64::load8):
1760 (JSC::MacroAssemblerARM64::load8Signed):
1761 (JSC::MacroAssemblerARM64::store64):
1762 (JSC::MacroAssemblerARM64::store64WithAddressOffsetPatch):
1763 (JSC::MacroAssemblerARM64::store32):
1764 (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
1765 (JSC::MacroAssemblerARM64::store16):
1766 (JSC::MacroAssemblerARM64::store8):
1767 (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
1768 (JSC::MacroAssemblerARM64::branchTruncateDoubleToInt32):
1769 (JSC::MacroAssemblerARM64::convertInt32ToDouble):
1770 (JSC::MacroAssemblerARM64::loadDouble):
1771 (JSC::MacroAssemblerARM64::loadFloat):
1772 (JSC::MacroAssemblerARM64::storeDouble):
1773 (JSC::MacroAssemblerARM64::storeFloat):
1774 (JSC::MacroAssemblerARM64::pushToSave):
1775 (JSC::MacroAssemblerARM64::swap):
1776 (JSC::MacroAssemblerARM64::branch32):
1777 (JSC::MacroAssemblerARM64::branch64):
1778 (JSC::MacroAssemblerARM64::branch8):
1779 (JSC::MacroAssemblerARM64::branchTest32):
1780 (JSC::MacroAssemblerARM64::branchTest64):
1781 (JSC::MacroAssemblerARM64::branchTest8):
1782 (JSC::MacroAssemblerARM64::branchAdd32):
1783 (JSC::MacroAssemblerARM64::branchAdd64):
1784 (JSC::MacroAssemblerARM64::branchMul32):
1785 (JSC::MacroAssemblerARM64::branchSub32):
1786 (JSC::MacroAssemblerARM64::branchSub64):
1787 (JSC::MacroAssemblerARM64::call):
1788 (JSC::MacroAssemblerARM64::jump):
1789 (JSC::MacroAssemblerARM64::tailRecursiveCall):
1790 (JSC::MacroAssemblerARM64::compare32):
1791 (JSC::MacroAssemblerARM64::compare64):
1792 (JSC::MacroAssemblerARM64::compare8):
1793 (JSC::MacroAssemblerARM64::test32):
1794 (JSC::MacroAssemblerARM64::test8):
1795 (JSC::MacroAssemblerARM64::test64):
1796 (JSC::MacroAssemblerARM64::branchPtrWithPatch):
1797 (JSC::MacroAssemblerARM64::storePtrWithPatch):
1798 (JSC::MacroAssemblerARM64::getCachedDataTempRegisterIDAndInvalidate):
1799 (JSC::MacroAssemblerARM64::getCachedMemoryTempRegisterIDAndInvalidate):
1800 (JSC::MacroAssemblerARM64::isInIntRange):
1801 (JSC::MacroAssemblerARM64::load):
1802 (JSC::MacroAssemblerARM64::store):
1803 (JSC::MacroAssemblerARM64::tryMoveUsingCacheRegisterContents):
1804 (JSC::MacroAssemblerARM64::moveToCachedReg):
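As an added model in C (not JSC's CachedTempRegister code) of the decision this entry describes: given the cached contents of a temp register, first try an addressing offset from the cached value, then one or two movk instructions rewriting only the halfwords that differ, and otherwise a full movz/movk reload; any label invalidates the cache. The offset limits are the ARM64 ldr/str immediate forms; the type and function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Cached contents of one macro assembler temp register: an added model of the
   idea behind CachedTempRegister, not JSC's class. */
typedef struct {
    bool valid;
    uint64_t value;
} CachedTempRegister;

typedef enum {
    PLAN_USE_CACHED_OFFSET, /* register untouched; fold the delta into the ldr/str */
    PLAN_MOVK_PATCH,        /* one or two movk rewrite the differing halfwords */
    PLAN_FULL_RELOAD        /* movz plus a movk per further non-zero halfword */
} PlanKind;

typedef struct {
    PlanKind kind;
    int instructions; /* move-wide instructions emitted (0 for an offset) */
    int64_t offset;   /* immediate folded into the access for PLAN_USE_CACHED_OFFSET */
} AddressPlan;

/* ARM64 ldr/str immediate forms: a 12-bit unsigned offset scaled by the access
   size (the scaled positive offsets canEncodePImmOffset() decides on) or a
   9-bit signed unscaled offset in -256..255. */
static bool canEncodeOffset(int64_t offset, unsigned accessSize)
{
    if (offset >= -256 && offset <= 255)
        return true;
    return offset >= 0 && offset % accessSize == 0 && offset / accessSize <= 4095;
}

/* Number of non-zero 16-bit halfwords: on a value it is the movz/movk count of
   a fresh load, on a XOR of two values it counts the halfwords that differ. */
static int nonZeroHalfwords(uint64_t v)
{
    int count = 0;
    for (int shift = 0; shift < 64; shift += 16)
        if ((v >> shift) & 0xffff)
            count++;
    return count;
}

/* Decide how to reach `target` before a load/store of accessSize bytes, updating the cache. */
static AddressPlan planAddress(CachedTempRegister* reg, uint64_t target, unsigned accessSize)
{
    AddressPlan plan = { PLAN_FULL_RELOAD, 0, 0 };
    if (reg->valid) {
        int64_t delta = (int64_t)(target - reg->value);
        if (canEncodeOffset(delta, accessSize)) {
            plan.kind = PLAN_USE_CACHED_OFFSET;
            plan.offset = delta;
            return plan; /* cache stays valid: the register was not written */
        }
        int differing = nonZeroHalfwords(reg->value ^ target);
        if (differing <= 2) {
            plan.kind = PLAN_MOVK_PATCH;
            plan.instructions = differing;
            reg->value = target;
            return plan;
        }
    }
    int nonZero = nonZeroHalfwords(target);
    plan.instructions = nonZero ? nonZero : 1; /* zero still needs one movz */
    reg->valid = true;
    reg->value = target;
    return plan;
}

/* A label invalidates the cache: control may arrive with the register holding anything. */
static void invalidateAtLabel(CachedTempRegister* reg)
{
    reg->valid = false;
}

/* Constructed scenario: three accesses around one base address, then a label, then
   the same address again. Returns the total move-wide count (7), or -1 on a wrong path. */
static int runScenario(void)
{
    CachedTempRegister reg = { false, 0 };
    const uint64_t base = 0x1122334455660000ULL;
    AddressPlan p1 = planAddress(&reg, base, 8);           /* full reload: 3 */
    AddressPlan p2 = planAddress(&reg, base + 8, 8);       /* offset #8: 0 */
    AddressPlan p3 = planAddress(&reg, base + 0x10000, 8); /* one movk: 1 */
    invalidateAtLabel(&reg);
    AddressPlan p4 = planAddress(&reg, base + 0x10000, 8); /* full reload: 3 */
    if (p1.kind != PLAN_FULL_RELOAD || p2.kind != PLAN_USE_CACHED_OFFSET
        || p3.kind != PLAN_MOVK_PATCH || p4.kind != PLAN_FULL_RELOAD)
        return -1;
    return p1.instructions + p2.instructions + p3.instructions + p4.instructions;
}

int main(void)
{
    printf("move-wide instructions over the scenario: %d\n", runScenario());
    return 0;
}
```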
1806 2013-02-02 David Kilzer <ddkilzer@apple.com>
1808 Upstream iOS FeatureDefines
1810 Merge ToT WebKit r141699.
1812 * Configurations/FeatureDefines.xcconfig:
1813 - Move iOS features near the top of the file.
1814 - Define FEATURE_DEFINES_iphoneos and
1815 FEATURE_DEFINES_iphonesimulator.
1816 - Do not set ENABLE_PDFKIT_PLUGIN on iOS.
1818 2013-02-02 David Kilzer <ddkilzer@apple.com>
1820 Upstream iOS FeatureDefines
1821 <http://webkit.org/b/108753>
1823 Reviewed by Anders Carlsson.
1825 * Configurations/FeatureDefines.xcconfig:
1826 - ENABLE_DEVICE_ORIENTATION: Add iOS configurations.
1827 - ENABLE_PLUGIN_PROXY_FOR_VIDEO: Ditto.
1828 - FEATURE_DEFINES: Add ENABLE_PLUGIN_PROXY_FOR_VIDEO. Add
1829 PLATFORM_NAME variant to reduce future merge conflicts.
1831 2013-01-30 Pratik Solanki <psolanki@apple.com>
1833 <rdar://problem/12927168> iOS WebKit merge #5: stabilizing merge branch to ToT r140978 (starts Wed, Jan 17)
1835 Merge up to OpenSource WebKit r140978.
1837 2013-01-29 Pratik Solanki <psolanki@apple.com>
1839 Merge ToT WebKit r141189.
1841 2013-01-29 Filip Pizlo <fpizlo@apple.com>
1843 offlineasm BaseIndex handling is broken on ARM due to MIPS changes
1844 https://bugs.webkit.org/show_bug.cgi?id=108261
1846 Reviewed by Oliver Hunt.
1848 Backends shouldn't override each other's methods. That's not cool.
1850 * offlineasm/mips.rb:
1852 2013-01-29 Filip Pizlo <fpizlo@apple.com>
1854 It should be possible to run "hello world" on JSC command-line on ARM64
1856 Reviewed by Geoffrey Garen.
1858 arm64.rb was using the destination register where it meant to use the base in the code generation for lea.
1860 * offlineasm/arm64.rb:
1862 2013-01-29 Filip Pizlo <fpizlo@apple.com>
1864 Unreviewed, fix the build.
1866 Xcode forgot about some files, Profiler was renamed, assertions made the compiler sad, and
1867 some code got moved and deleted during the merge.
1869 * JavaScriptCore.xcodeproj/project.pbxproj:
1870 * jit/JITArithmetic.cpp:
1871 (JSC::JIT::emitSlow_op_mod):
1874 * jit/ThunkGenerators.cpp:
1875 (JSC::nativeForGenerator):
1917 2013-01-28 Michael Saboff <msaboff@apple.com>
1919 <rdar://problem/13099146> Merge WebKit r136927 to Puzzlebox
1921 Merged WebKit r136927 to bring puzzle box closer to open source.
1923 2012-12-06 Filip Pizlo <fpizlo@apple.com>
1925 Incorrect inequality for checking whether a statement is within bounds of a handler
1926 https://bugs.webkit.org/show_bug.cgi?id=104313
1927 <rdar://problem/12808934>
1929 Reviewed by Geoffrey Garen.
1931 The most relevant change is in handlerForBytecodeOffset(), which fixes the inequality
1932 used for checking whether a handler is pertinent to the current instruction. '<' is
1933 correct, but '<=' isn't, since the 'end' is not inclusive.
1935 Also found, and addressed, a benign goof in how the finally inliner works: sometimes
1936 we will have end > start. This falls out naturally from how the inliner works and how
1937 we pop scopes in the bytecompiler, but it's sufficiently surprising that, to avoid any
1938 future confusion, I added a comment and some code to prune those handlers out. Because
1939 of how the handler resolution works, these handlers would have been skipped anyway.
1941 Also made various fixes to debugging code, which was necessary for tracking this down.
1943 * bytecode/CodeBlock.cpp:
1944 (JSC::CodeBlock::dumpBytecode):
1945 (JSC::CodeBlock::handlerForBytecodeOffset):
1946 * bytecompiler/BytecodeGenerator.cpp:
1947 (JSC::BytecodeGenerator::generate):
1948 * bytecompiler/Label.h:
1950 * interpreter/Interpreter.cpp:
1951 (JSC::Interpreter::throwException):
1952 * llint/LLIntExceptions.cpp:
1953 (JSC::LLInt::interpreterThrowInCaller):
1954 (JSC::LLInt::returnToThrow):
1955 (JSC::LLInt::callToThrow):
1956 * llint/LLIntSlowPaths.cpp:
1957 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1958 (JSC::LLInt::handleHostCall):
1960 2013-01-28 Michael Saboff <msaboff@apple.com>
1962 <rdar://problem/13097368> UPSTREAM: Merge formatting of registers names in DFGFPRInfo.h to match webkit
1964 Reviewed by David Kilzer.
1966 Changed the formatting of the register names to be 4 per line to match open source.
1969 (JSC::DFG::FPRInfo::debugName):
1971 2013-01-28 Michael Saboff <msaboff@apple.com>
1973 <rdar://problem/13096905> Remove extraneous nop() from assembler/ARMAssembler.h
1975 Reviewed by David Kilzer.
1977 Removed second definition of nop() that won't even compile.
1979 * assembler/ARMAssembler.h:
1980 (JSC::ARMAssembler::nop):
1982 2013-01-27 David Kilzer <ddkilzer@apple.com>
1984 Make BytecodeGenerator.h match ToT WebKit
1986 No actual code changes; just reformatting to match ToT WebKit.
1988 * bytecompiler/BytecodeGenerator.h:
1989 (JSC): Add blank line.
1991 2013-01-24 Michael Saboff <msaboff@apple.com>
1993 <rdar://problem/12976134> Faster code for modulo in cases of simple numbers
1995 Reviewed by Filip Pizlo.
1997 Added ARM64 path to perform integer modulo using bitwise-and for constant power of 2 and
1998 integer division followed by multiplication to find remainder for other cases.
2000 This is a 1.5% win on SunSpider, neutral on V8, 10.5% win on kraken and a 38% win on js-regress.
2002 * dfg/DFGSpeculativeJIT.cpp:
2003 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
2005 2013-01-18 Michael Saboff <msaboff@apple.com>
2007 <rdar://problem/13046790> Merge r140221 from https://bugs.webkit.org/show_bug.cgi?id=107340
2009 Merged ToT WebKit r139949.
2011 2013-01-18 Michael Saboff <msaboff@apple.com>
2013 Change set r140201 broke editing/selection/move-by-word-visually-multi-line.html
2014 https://bugs.webkit.org/show_bug.cgi?id=107340
2016 Reviewed by Filip Pizlo.
2018 Due to the change landed in r140201, more nodes might end up
2019 generating Int32ToDouble nodes. Therefore, changed the JSVALUE64
2020 constant path of compileInt32ToDouble() to use the more
2021 restrictive isInt32Constant() check on the input. This check was
2022 the same as the existing ASSERT() so the ASSERT was eliminated.
2024 * dfg/DFGSpeculativeJIT.cpp:
2025 (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
2027 2013-01-18 Michael Saboff <msaboff@apple.com>
2029 Unreviewed fix eliminating overzealous ASSERT(). This ASSERT was never added to OpenSource.
2031 * assembler/LinkBuffer.cpp:
2032 (JSC::LinkBuffer::copyCompactAndLinkCode):
2034 2013-01-18 Michael Saboff <msaboff@apple.com>
2036 Unreviewed build fix for building JSC with DFG_ENABLE_DEBUG_VERBOSE and
2037 DFG_ENABLE_DEBUG_PROPAGATION_VERBOSE enabled in DFGCommon.h. These changes came from
2038 cherry picking individual file changes landed in open source.
2040 * bytecode/CodeBlock.cpp:
2041 (JSC::valueToSourceString):
2042 (JSC::CodeBlock::finalizeUnconditionally):
2043 * bytecode/ValueProfile.h:
2044 (JSC::ValueProfileBase::dump):
2045 * bytecode/ValueRecovery.h:
2046 (JSC::ValueRecovery::dump):
2047 * dfg/DFGAbstractValue.h:
2048 (JSC::DFG::AbstractValue::dump):
2049 * dfg/DFGArgumentsSimplificationPhase.cpp:
2050 (JSC::DFG::ArgumentsSimplificationPhase::run):
2051 * dfg/DFGFixupPhase.cpp:
2052 (JSC::DFG::FixupPhase::fixupNode):
2054 (JSC::DFG::Graph::dump):
2055 * dfg/DFGPredictionPropagationPhase.cpp:
2056 (JSC::DFG::PredictionPropagationPhase::propagate):
2057 * dfg/DFGStructureCheckHoistingPhase.cpp:
2058 (JSC::DFG::StructureCheckHoistingPhase::run):
2059 * interpreter/Interpreter.cpp:
2060 (JSC::Interpreter::dumpRegisters):
2063 * llint/LLIntSlowPaths.cpp:
2064 (JSC::LLInt::llint_trace_value):
2065 * runtime/IndexingType.cpp:
2066 (JSC::dumpIndexingType):
2067 * runtime/IndexingType.h:
2068 * runtime/JSValue.cpp:
2069 (JSC::JSValue::dump):
2070 * runtime/JSValue.h:
2073 2013-01-17 Pratik Solanki <psolanki@apple.com>
2075 Delete MMAP_FLAGS define since it is not used anywhere.
2077 Rubber-stamped by Dan Bernstein.
2079 * jit/ExecutableAllocatorFixedVMPool.cpp:
2081 2013-01-17 Michael Saboff <msaboff@apple.com>
2083 <rdar://problem/12645632> Crash at DFG::SpeculativeJIT::convertLastOSRExitToForward() playing a video @ m.youtube.com
2085 Reviewed by Filip Pizlo.
2087 Change the logic so that we insert an Int32ToDouble node when the existing edge is not SpecDouble.
2089 * dfg/DFGFixupPhase.cpp:
2090 (JSC::DFG::FixupPhase::fixDoubleEdge):
2092 2013-01-17 Michael Saboff <msaboff@apple.com>
2094 <rdar://problem/12645632> Crash at DFG::SpeculativeJIT::convertLastOSRExitToForward() playing a video @ m.youtube.com
2096 Reviewed by Filip Pizlo.
2098 Split out the Int32ToDouble node insertion from fixDoubleEdge() and used it directly when we're fixing up
2099 an ArithDiv node with integer inputs and output for platforms that don't have integer division.
2100 This is needed since we could fail the shouldSpeculateInteger() check in fixDoubleEdge() and end up
2101 not creating the Int32ToDouble node(s) for the inputs. Every time we re-enter the fixup phase, we'll go through
2102 the same "have int operands, expect int result" check in ArithDiv processing and add another DoubleToInt32
2103 node after us. The code we generate is bad both before and after the actual FP division.
2105 Since we are checking that our inputs should be ints, we can just insert the Int32ToDouble node without
2106 any further checks. This restores the idempotent guarantee that fixDoubleEdge() is built upon.
2107 ArithDiv is the only node type that has this issue at the current time.
2109 * dfg/DFGFixupPhase.cpp:
2110 (JSC::DFG::FixupPhase::fixupNode):
2111 (JSC::DFG::FixupPhase::fixDoubleEdge):
2113 (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
2115 2013-01-17 Mark Hahnenberg <mhahnenberg@apple.com>
2117 <rdar://problem/13009810> MobileSafari is crashing on cnn.com at JavaScriptCore: JSC::JSObject::visitChildren
2119 Merged ToT WebKit r139949.
2121 2013-01-16 Filip Pizlo <fpizlo@apple.com>
2123 DFG 32_64 backend doesn't check for hasArrayStorage() in NewArrayWithSize
2124 https://bugs.webkit.org/show_bug.cgi?id=107081
2126 Reviewed by Michael Saboff.
2128 This bug led to the 32_64 backend emitting contiguous allocation code to allocate
2129 ArrayStorage arrays. This then led to all manner of heap corruption, since
2130 subsequent array accesses would be accessing the contiguous array "as if" it was
2131 an arraystorage array.
2133 * dfg/DFGSpeculativeJIT32_64.cpp:
2134 (JSC::DFG::SpeculativeJIT::compile):
2136 2013-01-15 Yongjun Zhang <yongjun_zhang@apple.com>
2138 <rdar://problem/13020391> PEP Web: WebKit sometimes leak big chunk of memory (>512KB) after loading nytimes.com.
2140 Merged ToT WebKit r136773.
2142 2013-12-05 Oliver Hunt <oliver@apple.com>
2144 Empty parse cache when receiving a low memory warning
2145 https://bugs.webkit.org/show_bug.cgi?id=104161
2147 Reviewed by Filip Pizlo.
2149 This adds a function to the globaldata to empty all code related data
2150 structures (code in the heap and the code cache).
2151 It also adds a function to allow the CodeCache to actually be cleared
2154 * runtime/CodeCache.h:
2156 (JSC::CacheMap::clear):
2157 (JSC::CodeCache::clear):
2159 * runtime/JSGlobalData.cpp:
2160 (JSC::JSGlobalData::discardAllCode):
2162 * runtime/JSGlobalData.h:
2166 2013-01-15 David Kilzer <ddkilzer@apple.com>
2168 <rdar://problem/13015824> Remove IOS_PPT code
2170 Reviewed by Simon Fraser.
2172 * Configurations/FeatureDefines.xcconfig: Remove IOS_PPT setting.
2174 2013-01-13 David Kilzer <ddkilzer@apple.com>
2176 [Mac] Add Build Phase to Check Headers for Inappropriate Macros (Platform.h macros)
2177 https://bugs.webkit.org/show_bug.cgi?id=104279
2179 Merge ToT WebKit r138064.
2181 Needed as part of: <rdar://problem/12204959> Innsbruck11A161: JavaScriptCore_Sim-1104 fails to installhdrs: 'Availability.h' file not found
2183 2012-12-18 Joseph Pecoraro <pecoraro@apple.com>
2185 [Mac] Add Build Phase to Check Headers for Inappropriate Macros (Platform.h macros)
2186 https://bugs.webkit.org/show_bug.cgi?id=104279
2188 Reviewed by David Kilzer.
2190 Add a build phase to check the public JavaScriptCore headers for
2191 inappropriate macros.
2193 * JavaScriptCore.xcodeproj/project.pbxproj:
2195 2013-01-14 Mark Hahnenberg <mhahnenberg@apple.com>
2197 Merge r138067 from open source to fix <rdar://problem/13009810>
2199 2012-12-18 Mark Hahnenberg <mhahnenberg@apple.com>
2201 Restrictions on oversize CopiedBlock allocations should be relaxed
2202 https://bugs.webkit.org/show_bug.cgi?id=105339
2204 Reviewed by Filip Pizlo.
2206 Currently the DFG has a single branch in the inline allocation path for property/array storage where
2207 it checks to see if the number of bytes requested will fit in the current block. This does not match
2208 what the C++ allocation path does; it checks if the requested number of bytes is oversize, and then
2209 if it's not, it tries to fit it in the current block. The garbage collector assumes that ALL allocations
2210 that are greater than 16KB are in oversize blocks. Therefore, this mismatch can lead to crashes when
2211 the collector tries to perform some operation on a CopiedBlock.
2213 To avoid adding an extra branch to the inline allocation path in the JIT, we should make it so that
2214 oversize blocks are allocated on the same alignment boundaries so that there is a single mask to find
2215 the block header of any CopiedBlock (rather than two, one for normal and one for oversize blocks), and
2216 we should figure out if a block is oversize by some other method than just whatever the JSObject says
2217 it is. One way we could record this info Region of the block, since we allocate a one-off Region for
2220 * heap/BlockAllocator.h:
2221 (JSC::Region::isCustomSize):
2223 (JSC::Region::createCustomSize):
2224 (JSC::Region::Region):
2225 (JSC::BlockAllocator::deallocateCustomSize):
2226 * heap/CopiedBlock.h:
2228 (JSC::CopiedBlock::isOversize):
2230 * heap/CopiedSpace.cpp:
2231 (JSC::CopiedSpace::tryAllocateOversize):
2232 (JSC::CopiedSpace::tryReallocate):
2233 (JSC::CopiedSpace::tryReallocateOversize):
2234 * heap/CopiedSpace.h:
2236 * heap/CopiedSpaceInlines.h:
2237 (JSC::CopiedSpace::contains):
2238 (JSC::CopiedSpace::tryAllocate):
2240 * heap/CopyVisitor.h:
2242 * heap/CopyVisitorInlines.h:
2243 (JSC::CopyVisitor::checkIfShouldCopy):
2244 (JSC::CopyVisitor::didCopy):
2245 * heap/SlotVisitorInlines.h:
2246 (JSC::SlotVisitor::copyLater):
2247 * runtime/JSObject.cpp:
2248 (JSC::JSObject::copyButterfly):
2250 2013-01-14 Mark Hahnenberg <mhahnenberg@apple.com>
2252 Merge r137961 from open source for <rdar://problem/13009810>
2254 2012-12-17 Mark Hahnenberg <mhahnenberg@apple.com>
2256 Butterfly::growArrayRight shouldn't be called on null Butterfly objects
2257 https://bugs.webkit.org/show_bug.cgi?id=105221
2259 Reviewed by Filip Pizlo.
2261 Currently we depend upon the fact that Butterfly::growArrayRight works with null Butterfly
2262 objects purely by coincidence. We should add a new static function that null checks the old
2263 Butterfly object and creates a new one if it's null, or calls growArrayRight if it isn't for
2264 use in the couple of places in JSObject that expect such behavior to work.
2266 * runtime/Butterfly.h:
2268 * runtime/ButterflyInlines.h:
2269 (JSC::Butterfly::createOrGrowArrayRight):
2271 * runtime/JSObject.cpp:
2272 (JSC::JSObject::createInitialIndexedStorage):
2273 (JSC::JSObject::createArrayStorage):
2275 2013-01-11 Michael Saboff <msaboff@apple.com>
2277 <rdar://problem/12976133> Investigate using integer divide and multiply to compute a remainder
2279 Reviewed by Phil Pizlo.
2281 Changed ArithDiv processing for ARM64 to be very much like X86. The ARM64 sdiv instruction doesn't trap,
2282 so we don't need to have the two pre-division checks that the X86 code has (divide by zero and -2^31-1 / -1).
2283 The sdiv instruction handles the divide by 0 directly by returning a 0 quotient and the other case is handled
2284 by an overflow check with the multiply.
2286 This is a 3.68x win for SunSpider math-spectral-norm and a 3% improvement for string-tagcloud. Overall
2287 this is a 3.4% win on SunSpider.
2290 (JSC::DFG::isARM64):
2291 * dfg/DFGFixupPhase.cpp:
2292 (JSC::DFG::FixupPhase::fixupNode):
2293 * dfg/DFGSpeculativeJIT.cpp:
2294 (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARM64):
2295 * dfg/DFGSpeculativeJIT.h:
2297 * dfg/DFGSpeculativeJIT32_64.cpp:
2298 (JSC::DFG::SpeculativeJIT::compile):
2299 * dfg/DFGSpeculativeJIT64.cpp:
2300 (JSC::DFG::SpeculativeJIT::compile):
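As an added illustration in C (not JSC's code) of the division and modulo fast paths described in this entry and in the ARMv7s and ARM64 modulo entries above: a model of the non-trapping sdiv, the multiply-with-overflow check that replaces the two x86 pre-checks, the multiply-subtract remainder, and the power-of-two mask guarded by a hasOneBitSet() test. SPECULATION_FAILED and the function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Returned when the integer fast path cannot produce the JavaScript result and
   the JIT would have to bail out to the double path. It lies outside the int32
   range, so it never collides with a genuine result. (Name is an assumption.) */
#define SPECULATION_FAILED INT64_MIN

/* Model of the ARM64 sdiv instruction: it never traps. Division by zero yields
   a zero quotient, and INT32_MIN / -1 wraps to INT32_MIN. Both cases are
   special-cased because plain C division leaves them undefined. */
static int32_t sdiv32(int32_t n, int32_t d)
{
    if (d == 0)
        return 0;
    if (n == INT32_MIN && d == -1)
        return INT32_MIN;
    return n / d; /* truncates toward zero, like sdiv */
}

/* The post-division check that replaces the two x86-style pre-checks: multiply
   the quotient back with overflow detection (the 64-bit product must fit in 32
   bits) and compare it with the dividend. */
static int64_t int32DivExact(int32_t n, int32_t d)
{
    int32_t q = sdiv32(n, d);
    int64_t product = (int64_t)q * (int64_t)d;
    if (product < INT32_MIN || product > INT32_MAX)
        return SPECULATION_FAILED; /* INT32_MIN / -1: the wrapped quotient is caught here */
    if ((int32_t)product != n)
        return SPECULATION_FAILED; /* fractional result, or division by zero */
    if (q == 0 && d <= 0)
        return SPECULATION_FAILED; /* 0 / -d is -0 and 0 / 0 is NaN in JavaScript */
    return q;
}

/* Remainder by division followed by multiply-subtract (what the ARM64 msub
   instruction computes): r = n - q * d in wrapping 32-bit arithmetic, which
   keeps INT32_MIN % -1 correct even though the quotient wrapped. */
static int64_t int32ModExact(int32_t n, int32_t d)
{
    if (d == 0)
        return SPECULATION_FAILED; /* n % 0 is NaN */
    int32_t q = sdiv32(n, d);
    int32_t r = (int32_t)((uint32_t)n - (uint32_t)q * (uint32_t)d);
    if (r == 0 && n < 0)
        return SPECULATION_FAILED; /* JavaScript yields -0 for a negative dividend */
    return r;
}

/* hasOneBitSet() in the style of wtf/MathExtras.h: exactly one bit set. */
static bool hasOneBitSet(uint32_t x)
{
    return x && !(x & (x - 1));
}

/* Modulo by a constant power of two with a logical AND. The mask applies to
   the magnitude, so a negative dividend is negated around it; a zero result
   with a negative dividend is still -0 and must bail out. */
static int64_t int32ModPowerOfTwo(int32_t n, int32_t d)
{
    if (d <= 0 || !hasOneBitSet((uint32_t)d))
        return SPECULATION_FAILED; /* not a positive power of two: general path */
    uint32_t mask = (uint32_t)d - 1;
    if (n >= 0)
        return (int64_t)((uint32_t)n & mask);
    uint32_t magnitude = 0u - (uint32_t)n; /* also correct for INT32_MIN */
    uint32_t r = magnitude & mask;
    if (r == 0)
        return SPECULATION_FAILED; /* -0 */
    return -(int64_t)r;
}

int main(void)
{
    /* Constructed sample operands covering the edge cases discussed above. */
    const int32_t samples[][2] = { {8, 2}, {7, 2}, {5, 0}, {0, -3}, {INT32_MIN, -1}, {-7, 4} };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t n = samples[i][0], d = samples[i][1];
        printf("%d / %d -> %lld   %d %% %d -> %lld   pow2 -> %lld\n", n, d,
               (long long)int32DivExact(n, d), n, d, (long long)int32ModExact(n, d),
               (long long)int32ModPowerOfTwo(n, d));
    }
    return 0;
}
```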
2302 2013-01-09 Michael Saboff <msaboff@apple.com>
2304 <rdar://problem/12976132> Patchable branches should be one branch instead of two
2306 Reviewed by Phil Pizlo.
2308 Changed the processing of patchable conditional branches from always being a conditional branch
2309 (b.<cc>, cb[n]z and tb[n]z) around an unconditional branch to being the conditional branch
2310 followed by a nop when the offset of the conditional branch is sufficient to reach the destination.
2311 Where relinkJumpOrCall only had to patch the unconditional branch, it now checks to see if the
2312 instruction to patch is a nop. If so, we know we planted the nop as part of a patchable conditional
2313 branch, therefore try linking directly using the offset space provided in the conditional branch and
2314 follow it with a nop. If there aren't enough offset bits to get to the destination, fall back to a
2315 branch around a branch.
2317 This change is performance neutral on SunSpider and V8.
2319 * assembler/ARM64Assembler.h:
2320 (JSC::ARM64Assembler::hint):
2321 (JSC::ARM64Assembler::nop):
2322 (JSC::ARM64Assembler::linkJump):
2323 (JSC::ARM64Assembler::relinkJump):
2324 (JSC::ARM64Assembler::relinkCall):
2325 (JSC::ARM64Assembler::link):
2327 (JSC::ARM64Assembler::linkJumpOrCall):
2328 (JSC::ARM64Assembler::linkCompareAndBranch):
2329 (JSC::ARM64Assembler::linkConditionalBranch):
2330 (JSC::ARM64Assembler::linkTestAndBranch):
2331 (JSC::ARM64Assembler::relinkJumpOrCall):
2332 (JSC::ARM64Assembler::disassembleNop):
2333 (JSC::ARM64Assembler::disassembleCompareAndBranchImmediate):
2334 (JSC::ARM64Assembler::disassembleConditionalBranchImmediate):
2335 (JSC::ARM64Assembler::disassembleTestAndBranchImmediate):
2336 (JSC::ARM64Assembler::hintPseudo):
2337 (JSC::ARM64Assembler::nopPseudo):
2338 * assembler/MacroAssemblerARM64.h:
2339 (JSC::MacroAssemblerARM64::makeBranch):
2340 (JSC::MacroAssemblerARM64::makeCompareAndBranch):
2341 (JSC::MacroAssemblerARM64::makeTestBitAndBranch):
2343 2013-01-09 David Kilzer <ddkilzer@apple.com>
2345 Remove unused .call files
2347 Reviewed by Joseph Pecoraro.
2349 * .call: Removed with apologies to Ken Kocienda.
2351 2013-01-04 Michael Saboff <msaboff@apple.com>
2353 <rdar://problem/12954053> Merge #4: Crash in JIT code @ cnn.com iPhone site
2355 Reviewed by Phil Pizlo.
2357 Change the way reverting a BranchPtrWithPatch is done when it has been replaced with a
2358 jump. We cannot rely on the existing instructions and must create them from scratch.
2359 This is limited to the wide moves needed to fill the temp register with the restored
2360 pointer value. Added a new common setPointer() method to ARM64Assembler that writes
2361 out the instructions and flushes the I-cache. Both the existing linkPointer and new
2362 setPointer() use this common method.
2364 * assembler/ARM64Assembler.h:
2365 (JSC::ARM64Assembler::repatchPointer):
2367 (JSC::ARM64Assembler::setPointer):
2368 (JSC::ARM64Assembler::linkPointer):
2369 * assembler/MacroAssemblerARM64.h:
2370 (JSC::MacroAssemblerARM64::reemitInitialMoveWithPatch):
2371 (JSC::MacroAssemblerARM64::revertJumpReplacementToBranchPtrWithPatch):
2373 2013-01-04 Michael Saboff <msaboff@apple.com>
2375 <rdar://problem/12954053> Merge #4: Crash in JIT code @ cnn.com iPhone site
2377 Reviewed by Phil Pizlo.
2379 Improper merge of the patchableBranch pass through methods for ARM64. Added patchableBranchTest32()
2380 as a patchable method for ARM64.
2382 * assembler/MacroAssembler.h:
2383 (JSC::MacroAssembler::patchableBranchTest32):
2386 2013-01-02 Michael Saboff <msaboff@apple.com>
2388 <rdar://problem/12927415> iOS WebKit merge #4: Arm64 Root crashes immediately running JavaScript
2390 Rubber-stamped by Phil Pizlo.
2392 The label returned from one of branchPtrWithPatch() methods is the address of the first move wide
2393 instruction. Therefore we don't need to offset the address in startOfBranchPtrWithPatchOnRegister().
2395 * assembler/MacroAssemblerARM64.h:
2396 (JSC::MacroAssemblerARM64::startOfBranchPtrWithPatchOnRegister):
2398 2013-01-03 Michael Saboff <msaboff@apple.com>
2400 <rdar://problem/12953903> 11A243: JavaScriptCore fails to compile in debug ARM64 config
2402 Reviewed by Phil Pizlo.
2404 Use casts when comparing FPRReg with integers. This change for ARM code is similar to r1176464.
2407 (JSC::DFG::FPRInfo::toIndex):
2408 (JSC::DFG::FPRInfo::debugName):
2410 2013-01-03 Michael Saboff <msaboff@apple.com>
2412 <rdar://problem/12954264> ARM64 Disassembler doesn't handle variable shift / rotate instructions correctly
2414 Reviewed by Phil Pizlo.
2416 Fixed the generation of opNameIndex() to extract bits 0, 1 and 3 from the "opcode" field which are bits
2417 10, 11 and 13 from the instruction.
2419 * disassembler/ARM64/A64DOpcode.h:
2420 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::opNameIndex):
2422 2013-01-02 Pratik Solanki <psolanki@apple.com>
2424 <rdar://problem/12945902> 11A242: JavaScriptCore fails to compile in debug config
2426 Reviewed by Dan Bernstein.
2428 Use casts when comparing GPRReg/FPRReg with integers. This change for ARM code is similar to
2429 r132752 made in opensource to fix the same compiler error.
2432 (JSC::DFG::FPRInfo::debugName):
2434 (JSC::DFG::GPRInfo::toIndex):
2435 (JSC::DFG::GPRInfo::debugName):
2437 2012-12-21 Michael Saboff <msaboff@apple.com>
2439 <rdar://problem/12922052> ARM64: BranchTestNN() where the immediate has only one bit set should use the tbz instruction
2441 Reviewed by Phil Pizlo.
2443 Check for a single bit immediate and if so, use it with the test bit and branch instruction.
2445 Made a common hasOneBitSet() in wtf/MathExtras.h. Made isPowerOf2() in PropertyMapHashTable.h
2446 a wrapper function for readability.
2448 * assembler/MacroAssemblerARM64.h:
2449 (JSC::MacroAssemblerARM64::branchTest32):
2450 (JSC::MacroAssemblerARM64::branchTest64):
2451 * runtime/PropertyMapHashTable.h:
2454 2012-12-20 Michael Saboff <msaboff@apple.com>
2456 <rdar://problem/12922051> ARM64: StoreXX(TrustedImm) where the immediate is 0 should use the ZR register
2458 Reviewed by Phil Pizlo.
2460 Use the zr register for stores when the immediate is 0.
2462 No measured performance change running SunSpider.
2464 * assembler/MacroAssemblerARM64.h:
2465 (JSC::MacroAssemblerARM64::store64):
2466 (JSC::MacroAssemblerARM64::store32):
2467 (JSC::MacroAssemblerARM64::store8):
2469 2012-12-20 Michael Saboff <msaboff@apple.com>
2471 Changes made to match the changes while back merging the "unusedPointer" part of r12913496.
2473 Rubber-stamped by Phil Pizlo.
2475 Changed the name of emptyPointer to unusedPointer. Follow-on changes as a result of the
2476 name change. OpenSource changes landed in r138308: <http://trac.webkit.org/changeset/138308>.
2478 * JavaScriptCore.xcodeproj/project.pbxproj:
2479 * bytecode/MethodCallLinkInfo.cpp:
2480 (JSC::MethodCallLinkInfo::reset):
2481 * dfg/DFGRepatch.cpp:
2482 (JSC::DFG::dfgResetGetByID):
2483 (JSC::DFG::dfgResetPutByID):
2484 * dfg/DFGSpeculativeJIT32_64.cpp:
2485 (JSC::DFG::SpeculativeJIT::cachedGetById):
2486 (JSC::DFG::SpeculativeJIT::cachedPutById):
2487 * dfg/DFGSpeculativeJIT64.cpp:
2488 (JSC::DFG::SpeculativeJIT::cachedGetById):
2489 (JSC::DFG::SpeculativeJIT::cachedPutById):
2490 * jit/EmptyPointer.h: Removed.
2492 * jit/JITPropertyAccess.cpp:
2493 (JSC::JIT::resetPatchGetById):
2494 (JSC::JIT::resetPatchPutById):
2495 * jit/JITPropertyAccess32_64.cpp:
2496 (JSC::JIT::resetPatchGetById):
2497 (JSC::JIT::resetPatchPutById):
2498 * jit/JITWriteBarrier.h:
2499 (JSC::JITWriteBarrierBase::clearToUnusedPointer):
2500 (JSC::JITWriteBarrierBase::get):
2501 * jit/UnusedPointer.h: Copied from Source/JavaScriptCore/jit/EmptyPointer.h.
2503 2012-12-19 Michael Saboff <msaboff@apple.com>
2505 Unreviewed build fix.
2507 Adding updated project file inadvertently left off from prior checkin.
2509 * JavaScriptCore.xcodeproj/project.pbxproj:
2511 2012-12-19 Michael Saboff <msaboff@apple.com>
2513 <rdar://problem/12913496> ARM64: Use only 48 bits for patchable pointers in JIT'ed code
2515 Reviewed by Gavin Barraclough.
2517 Changed pointer code in the JIT and macro assembler to only manipulate the lower 48 bits.
2518 Changed "empty pointer" logic from using -1 to using a constant (0xd1e7beef) and put that
2519 constant into the new header file jit/EmptyPointer.h.
2521 Changed occurrences that use -1 to now use emptyPointer.
2523 Performance impact of this change is +.6% on SunSpider, neutral on V8 and +.3% on Kraken.
2525 * assembler/ARM64Assembler.h:
2526 (JSC::ARM64Assembler::readPointer):
2527 (JSC::ARM64Assembler::readCallTarget):
2528 (JSC::ARM64Assembler::linkPointer):
2529 * assembler/MacroAssemblerARM64.h:
2530 (MacroAssemblerARM64):
2531 (JSC::MacroAssemblerARM64::moveWithFixedWidth):
2532 * bytecode/MethodCallLinkInfo.cpp:
2533 (JSC::MethodCallLinkInfo::reset):
2534 * dfg/DFGRepatch.cpp:
2535 (JSC::DFG::dfgResetGetByID):
2536 (JSC::DFG::dfgResetPutByID):
2537 * dfg/DFGSpeculativeJIT32_64.cpp:
2538 (JSC::DFG::SpeculativeJIT::cachedGetById):
2539 (JSC::DFG::SpeculativeJIT::cachedPutById):
2540 * dfg/DFGSpeculativeJIT64.cpp:
2541 (JSC::DFG::SpeculativeJIT::cachedGetById):
2542 (JSC::DFG::SpeculativeJIT::cachedPutById):
2543 * jit/EmptyPointer.h: Added.
2545 * jit/JITPropertyAccess.cpp:
2546 (JSC::JIT::resetPatchGetById):
2547 (JSC::JIT::resetPatchPutById):
2548 * jit/JITPropertyAccess32_64.cpp:
2549 (JSC::JIT::resetPatchGetById):
2550 (JSC::JIT::resetPatchPutById):
2551 * jit/JITWriteBarrier.h:
2552 (JSC::JITWriteBarrierBase::clearToEmptyPointer):
2553 (JSC::JITWriteBarrierBase::get):
2555 2012-12-19 Michael Saboff <msaboff@apple.com>
2557 <rdar://problem/12910064> ARM64: Operations with an AbsoluteAddress source and destination should reuse address in temp register
2559 Reviewed by Oliver Hunt.
2561 When memoryTempRegister hasn't been reused, we store directly to memoryTempRegister.
2563 * assembler/MacroAssemblerARM64.h:
2564 (JSC::MacroAssemblerARM64::add32):
2565 (JSC::MacroAssemblerARM64::add64):
2566 (JSC::MacroAssemblerARM64::or32):
2567 (JSC::MacroAssemblerARM64::sub32):
2568 (JSC::MacroAssemblerARM64::branchAdd32):
2570 2012-12-18 Michael Saboff <msaboff@apple.com>
2572 <rdar://problem/12903309> ARM64: Further optimizations for test/compare and branch with branch compaction
2574 Reviewed by Phil Pizlo.
2576 Added support for CompareAndBranch (cbz/cbnz) instructions. Made makeTestBitAndBranch() generally usable.
2577 Added code to compact both CompareAndBranch and TestBitAndBranch instructions. Cleaned up the ARM64
2578 specific branch compaction code, specifically the ASSERTS in linkJumpConditionDirect() and eliminated
2579 the now unused disassembleConditionalBranchImmediate() as we are never pointing at a b.<cond> instruction
2580 when we write one out with the linked address.
2582 * assembler/ARM64Assembler.h:
2583 (JSC::ARM64Assembler::LinkRecord::LinkRecord):
2584 (JSC::ARM64Assembler::LinkRecord::is64Bit):
2585 (JSC::ARM64Assembler::LinkRecord::bitNumber):
2586 (JSC::ARM64Assembler::LinkRecord::compareRegister):
2588 (JSC::ARM64Assembler::linkJump):
2590 (JSC::ARM64Assembler::canCompact):
2591 (JSC::ARM64Assembler::computeJumpType):
2592 (JSC::ARM64Assembler::link):
2593 (JSC::ARM64Assembler::linkJumpCompareAndBranch):
2594 (JSC::ARM64Assembler::linkJumpConditionDirect):
2595 (JSC::ARM64Assembler::linkJumpCompareAndBranchDirect):
2596 (JSC::ARM64Assembler::linkJumpTestBitDirect):
2597 (JSC::ARM64Assembler::compareAndBranchImmediate):
2598 * assembler/AbstractMacroAssembler.h:
2600 (JSC::AbstractMacroAssembler::Jump::Jump):
2601 (JSC::AbstractMacroAssembler::Jump::link):
2602 (JSC::AbstractMacroAssembler::Jump::linkTo):
2603 * assembler/MacroAssemblerARM64.h:
2604 (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
2605 (JSC::MacroAssemblerARM64::branchTest32):
2606 (JSC::MacroAssemblerARM64::branchTest64):
2607 (MacroAssemblerARM64):
2608 (JSC::MacroAssemblerARM64::makeCompareAndBranch):
2609 (JSC::MacroAssemblerARM64::makeTestBitAndBranch):
2611 2012-12-18 Michael Saboff <msaboff@apple.com>
2613 <rdar://problem/12903449> ARM64: Indexed Load and Store operations should used the scaled index ldr/str instructions when possible
2615 Reviewed by Oliver Hunt.
2617 Added path to use the scaled indexed load and store instructions for naturally indexed ops where the
2620 * assembler/MacroAssemblerARM64.h:
2621 (JSC::MacroAssemblerARM64::load64):
2622 (JSC::MacroAssemblerARM64::load32):
2623 (JSC::MacroAssemblerARM64::load16):
2624 (JSC::MacroAssemblerARM64::load16Signed):
2625 (JSC::MacroAssemblerARM64::load8):
2626 (JSC::MacroAssemblerARM64::load8Signed):
2627 (JSC::MacroAssemblerARM64::store64):
2628 (JSC::MacroAssemblerARM64::store32):
2629 (JSC::MacroAssemblerARM64::store16):
2630 (JSC::MacroAssemblerARM64::store8):
2631 (JSC::MacroAssemblerARM64::loadDouble):
2632 (JSC::MacroAssemblerARM64::loadFloat):
2633 (JSC::MacroAssemblerARM64::storeDouble):
2634 (JSC::MacroAssemblerARM64::storeFloat):
2636 2012-12-18 Michael Saboff <msaboff@apple.com>
2638 Merge of OpenSource WebKit r137976 & r138032
2640 2012-12-17 Michael Saboff <msaboff@apple.com>
2642 DFG: Refactor DFGCorrectableJumpPoint to reduce size of OSRExit data
2643 https://bugs.webkit.org/show_bug.cgi?id=105237
2645 Reviewed by Filip Pizlo.
2647 Replaced DFGCorrectableJumpPoint with OSRExitCompilationInfo which is used and kept alive only while we are
2648 compiling in the DFG. Moved the patchable branch offset directly into OSRExit.
2651 * GNUmakefile.list.am:
2652 * JavaScriptCore.xcodeproj/project.pbxproj:
2654 * assembler/AbstractMacroAssembler.h:
2655 * dfg/DFGCorrectableJumpPoint.cpp: Removed.
2656 * dfg/DFGCorrectableJumpPoint.h: Removed.
2657 * dfg/DFGJITCompiler.cpp:
2658 (JSC::DFG::JITCompiler::linkOSRExits):
2659 (JSC::DFG::JITCompiler::link):
2660 * dfg/DFGJITCompiler.h:
2661 (JSC::DFG::JITCompiler::appendExitJump):
2663 * dfg/DFGOSRExit.cpp:
2664 (JSC::DFG::OSRExit::OSRExit):
2665 (JSC::DFG::OSRExit::setPatchableCodeOffset):
2666 (JSC::DFG::OSRExit::getPatchableCodeOffsetAsJump):
2667 (JSC::DFG::OSRExit::codeLocationForRepatch):
2668 (JSC::DFG::OSRExit::correctJump):
2671 * dfg/DFGOSRExitCompilationInfo.h: Added.
2672 (OSRExitCompilationInfo):
2673 (JSC::DFG::OSRExitCompilationInfo::OSRExitCompilationInfo):
2674 (JSC::DFG::OSRExitCompilationInfo::failureJump):
2675 * dfg/DFGOSRExitCompiler.cpp:
2676 * dfg/DFGSpeculativeJIT.cpp:
2677 (JSC::DFG::SpeculativeJIT::speculationCheck):
2678 (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
2680 2012-12-18 Michael Saboff <msaboff@apple.com>
2682 [Qt] Fix the ARMv7 build after r137976
2683 https://bugs.webkit.org/show_bug.cgi?id=105270
2685 Reviewed by Csaba Osztrogonác.
2687 Add default value for Jump parameter to fix build.
2689 * assembler/AbstractMacroAssembler.h:
2690 (JSC::AbstractMacroAssembler::Jump::Jump):
2692 2012-12-14 Michael Saboff <msaboff@apple.com>
2694 <rdar://problem/12883938> ARM64 DFG: SoftModulo will OSR exit with overflow when the result is 0
2696 Reviewed by Geoffrey Garen.
2698 Changed the generated code in branchConvertDoubleToInt32() to conditionally check for a negative value
2699 before checking for 0 and only take the failure path for negative 0.0. Since branchConvertDoubleToInt32()
2700 is used for more than just modulo, only made the modulo case generate the added check.
2701 Added the parameter to all of the macro assemblers, but the parameter is only used in the ARM64 version
2704 To support this patch, added the new test bit and branch (for the tbz/tbnz instruction) jump type to the
2705 ARM64 macro assembler. As with other branches, we initially generate a tb[n]z instruction with inverted
2706 condition around an unconditional branch. The branch around a branch is usually compacted during the
2707 link phase. The compacting of tb[n]z will be done in a subsequent patch.
2709 This change is worth >3.5% on SunSpider due to 10-20% gains on 3d-raytrace, crypto-aes and string-validate-input
2710 with lesser gains on other tests.
2712 This patch will be back ported to OpenSource.
2714 * assembler/ARM64Assembler.h:
2715 (JSC::ARM64Assembler::computeJumpType):
2716 (JSC::ARM64Assembler::link):
2717 (JSC::ARM64Assembler::linkJumpTestBit):
2719 * assembler/AbstractMacroAssembler.h:
2720 * assembler/MacroAssemblerARM.h:
2721 (JSC::MacroAssemblerARM::branchConvertDoubleToInt32):
2722 * assembler/MacroAssemblerARM64.h:
2723 (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
2724 (JSC::MacroAssemblerARM64::makeTestBitAndBranch):
2725 (MacroAssemblerARM64):
2726 * assembler/MacroAssemblerARMv7.h:
2727 (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
2728 * assembler/MacroAssemblerMIPS.h:
2729 (JSC::MacroAssemblerMIPS::branchConvertDoubleToInt32):
2730 * assembler/MacroAssemblerSH4.h:
2731 (JSC::MacroAssemblerSH4::branchConvertDoubleToInt32):
2732 * assembler/MacroAssemblerX86Common.h:
2733 (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
2734 * dfg/DFGSpeculativeJIT.cpp:
2735 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
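The negative-zero distinction described above, as an added example that is not JavaScriptCore code: a double-to-int32 conversion that succeeds for every exact integer, including +0.0, and takes the failure path for -0.0 only when the caller asks for it (the modulo case, where JavaScript requires -1 % 1 to be -0). The sign test is a bit test on bit 63 of the value, which is the operation the tb[n]z instruction performs. Function names are this example's own.

```c
/* Added example (not WebKit/JavaScriptCore code). */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* -0.0 is the only double whose bit pattern is exactly the sign bit. Once a
 * value is known to compare equal to zero, testing bit 63 is all that is
 * needed to tell -0.0 from +0.0. */
static bool isNegativeZero(double d)
{
    uint64_t bits;
    memcpy(&bits, &d, sizeof bits);
    return bits == 0x8000000000000000ull;
}

/* Convert d to int32 exactly. Returns false (the OSR-exit path) for NaN,
 * out-of-range and fractional values; with negZeroCheck also for -0.0,
 * because (int32_t)-0.0 == 0 would silently drop the sign that
 * JavaScript's % must preserve (-1 % 1 is -0, not 0). Other users of the
 * conversion pass negZeroCheck = false and keep the cheaper path. */
static bool convertDoubleToInt32(double d, int32_t* out, bool negZeroCheck)
{
    if (!(d >= -2147483648.0 && d <= 2147483647.0))   /* also rejects NaN */
        return false;
    int32_t i = (int32_t)d;
    if ((double)i != d)                                /* fractional part lost */
        return false;
    if (negZeroCheck && i == 0 && isNegativeZero(d))   /* only -0.0 fails here */
        return false;
    *out = i;
    return true;
}

/* Helpers so results can be checked without an output parameter. */
static bool convertsTo(double d, bool negZeroCheck, int32_t expected)
{
    int32_t v;
    return convertDoubleToInt32(d, &v, negZeroCheck) && v == expected;
}

static bool conversionFails(double d, bool negZeroCheck)
{
    int32_t v;
    return !convertDoubleToInt32(d, &v, negZeroCheck);
}
```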
2737 2012-12-13 Michael Saboff <msaboff@apple.com>
2739 <rdar://problem/12869956> SWB: JavaScriptCore-1136 failed to build with clang-426.2.3: -Wshift-op-parentheses
2741 Rubber stamped by Jessie Berlin.
2743 Added parens to quiet the newly added -Wshift-op-parentheses warning.
2745 * disassembler/ARM64/A64DOpcode.cpp:
2746 (JSC::ARM64Disassembler::rotateRight):
2748 2012-12-12 Michael Saboff <msaboff@apple.com>
2750 <rdar://problem/12870469> ARM64 Add Data Processing 3 Source and FP Data Processing 1 Source instruction groups to disassembler
2752 Reviewed by Phil Pizlo.
2754 Added support for the two missing instruction groups.
2756 * disassembler/ARM64/A64DOpcode.cpp:
2757 (ARM64Disassembler):
2758 (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
2759 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::format):
2760 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing1Source::format):
2761 * disassembler/ARM64/A64DOpcode.h:
2762 (A64DOpcodeDataProcessing3Source):
2763 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::opName):
2764 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::ra):
2765 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::op54):
2766 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::op31):
2767 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::op0):
2768 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing3Source::opNum):
2769 (ARM64Disassembler):
2770 (A64DOpcodeFloatingPointDataProcessing1Source):
2771 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing1Source::opName):
2772 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing1Source::opNum):
2774 2012-12-12 Michael Saboff <msaboff@apple.com>
2776 <rdar://problem/12858410> ARM64 SunSpider crypto-md5 test is 40x slower compared to ARMv7
2778 Reviewed by Gavin Barraclough.
2780 Fix a problem in the add32/sub32 with an address case where we materialize the address into
2781 the temporary register memoryTempRegister. The problem is that the store uses memoryTempRegister
2782 where the result of the add/sub is sitting. We were writing out the lower 32 bits of the address
2783 into the memory at the address.
2785 * assembler/MacroAssemblerARM64.h:
2786 (JSC::MacroAssemblerARM64::add32):
2787 (JSC::MacroAssemblerARM64::add64):
2788 (JSC::MacroAssemblerARM64::sub32):
2789 (JSC::MacroAssemblerARM64::branchAdd32):
2791 2012-12-11 Michael Saboff <msaboff@apple.com>
2793 <rdar://problem/12856193> Add option so that JSC will crash if it can't allocate executable memory for the JITs
2795 Reviewed by Phil Pizlo.
2797 Added new option "crashIfCantAllocateJITMemory". If this option is true, we crash when checking
2798 the executable allocator. The default is false, but jsc sets it to true. Coded this so that
2799 if useJIT and useRegExpJIT are both false, we don't crash since we aren't using any JITs.
2803 * runtime/JSGlobalData.cpp:
2804 (JSC::enableAssembler):
2805 * runtime/Options.h:
2806 (JSC::Options::crashIfCantAllocateJITMemory):
2808 2012-12-10 Michael Saboff <msaboff@apple.com>
2810 <rdar://problem/12821654> ARM64 Should compact compare then branch around branch when possible
2812 Reviewed by Phil Pizlo.
2814 Added branch compaction to ARM64 in a similar way as was done for ARMv7. We convert code like.
2816         cmp xM, xN                          cmp xM, xN
2817 FROM    b.!cond continue         TO         b.cond labelIfCond
2818         b labelIfCond
2819 continue:
2820 Abstracted the compaction code in LinkBuffer::linkCode by instruction size to new helper
2821 LinkBuffer::copyCompactAndLinkCode(). Added JumpType, JumpLinkType and LinkRecord to ARM64Assembler.
2822 Added ARM64 versions of the helper methods needed by copyCompactAndLink.
2824 Abstracted out the jump type data used in DFG::CorrectableJumpPoint to be part of the MacroAssembler
2825 instead of the two assemblers that do compaction.
2827 * assembler/ARM64Assembler.h:
2829 (JSC::ARM64Assembler::LinkRecord::LinkRecord):
2830 (JSC::ARM64Assembler::LinkRecord::operator=):
2831 (JSC::ARM64Assembler::LinkRecord::from):
2832 (JSC::ARM64Assembler::LinkRecord::setFrom):
2833 (JSC::ARM64Assembler::LinkRecord::to):
2834 (JSC::ARM64Assembler::LinkRecord::type):
2835 (JSC::ARM64Assembler::LinkRecord::linkType):
2836 (JSC::ARM64Assembler::LinkRecord::setLinkType):
2837 (JSC::ARM64Assembler::LinkRecord::condition):
2838 (JSC::ARM64Assembler::unlinkedCode):
2839 (JSC::ARM64Assembler::linkJump):
2841 (JSC::ARM64Assembler::jumpSizeDelta):
2842 (JSC::ARM64Assembler::linkRecordSourceComparator):
2843 (JSC::ARM64Assembler::canCompact):
2844 (JSC::ARM64Assembler::computeJumpType):
2845 (JSC::ARM64Assembler::recordLinkOffsets):
2846 (JSC::ARM64Assembler::jumpsToLink):
2847 (JSC::ARM64Assembler::link):
2848 (JSC::ARM64Assembler::linkJumpNoCondition):
2849 (JSC::ARM64Assembler::linkJumpConditionDirect):
2850 (JSC::ARM64Assembler::linkJumpCondition):
2851 (JSC::ARM64Assembler::disassembleConditionalBranchImmediate):
2852 (JSC::ARM64Assembler::compareAndBranchImmediate):
2853 (JSC::ARM64Assembler::conditionalBranchImmediate):
2854 * assembler/AbstractMacroAssembler.h:
2856 (JSC::AbstractMacroAssembler::Jump::Jump):
2857 (JSC::AbstractMacroAssembler::Jump::link):
2858 (JSC::AbstractMacroAssembler::Jump::linkTo):
2859 * assembler/LinkBuffer.cpp:
2860 (JSC::LinkBuffer::copyCompactAndLinkCode):
2861 (JSC::LinkBuffer::linkCode):
2862 * assembler/LinkBuffer.h:
2864 * assembler/MacroAssembler.h:
2866 * assembler/MacroAssemblerARM64.h:
2867 (JSC::MacroAssemblerARM64::MacroAssemblerARM64):
2868 (MacroAssemblerARM64):
2869 (JSC::MacroAssemblerARM64::jumpsToLink):
2870 (JSC::MacroAssemblerARM64::unlinkedCode):
2871 (JSC::MacroAssemblerARM64::canCompact):
2872 (JSC::MacroAssemblerARM64::computeJumpType):
2873 (JSC::MacroAssemblerARM64::recordLinkOffsets):
2874 (JSC::MacroAssemblerARM64::jumpSizeDelta):
2875 (JSC::MacroAssemblerARM64::link):
2876 (JSC::MacroAssemblerARM64::executableOffsetFor):
2877 (JSC::MacroAssemblerARM64::branchTest32):
2878 (JSC::MacroAssemblerARM64::jump):
2879 (JSC::MacroAssemblerARM64::patchableBranchPtr):
2880 (JSC::MacroAssemblerARM64::patchableBranchTest32):
2881 (JSC::MacroAssemblerARM64::patchableBranch32):
2882 (JSC::MacroAssemblerARM64::patchableBranchPtrWithPatch):
2883 (JSC::MacroAssemblerARM64::patchableJump):
2884 (JSC::MacroAssemblerARM64::makeBranch):
2885 * assembler/MacroAssemblerARMv7.h:
2886 (MacroAssemblerARMv7):
2887 * dfg/DFGCorrectableJumpPoint.h:
2888 (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
2889 (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
2890 (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
2891 (JSC::DFG::CorrectableJumpPoint::getJump):
2892 (CorrectableJumpPoint):
2894 2012-12-10 Michael Saboff <msaboff@apple.com>
2896 Merge OpenSource WebKit r132991 to fix <rdar://problem/12831284>
2898 2012-10-30 Yuqiang Xian <yuqiang.xian@intel.com>
2900 glsl-function-atan.html WebGL conformance test fails after https://bugs.webkit.org/show_bug.cgi?id=99154
2901 https://bugs.webkit.org/show_bug.cgi?id=100789
2903 Reviewed by Filip Pizlo.
2905 We accidentally missed a bitwise double to int64 conversion.
2907 * dfg/DFGSpeculativeJIT.h:
2908 (JSC::DFG::SpeculativeJIT::silentFill):
2910 2012-12-10 Michael Saboff <msaboff@apple.com>
2912 <rdar://problem/12821760> ARM64 disassembler should cover the instructions the various JSC JIT's generate
2914 Reviewed by Phil Pizlo.
2916 Added decoding for CompareAndBranch, Data processing 2 sources, FP compare, FP processing 2 source,
2917 FP fixed point conversion, FP integer conversion and TestAndBranch instruction groups.
2918 Cleaned up some remaining changes to the printing code that weren't made before the original patch
2921 * disassembler/ARM64/A64DOpcode.cpp:
2922 (ARM64Disassembler):
2923 (JSC::ARM64Disassembler::A64DOpcode::appendRegisterName):
2924 (JSC::ARM64Disassembler::A64DOpcodeCompareAndBranchImmediate::format):
2925 (JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::format):
2926 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::format):
2927 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointCompare::format):
2928 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing2Source::format):
2929 (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::format):
2930 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::format):
2931 (JSC::ARM64Disassembler::A64DOpcodeHint::format):
2932 (JSC::ARM64Disassembler::A64DOpcodeTestAndBranchImmediate::format):
2933 * disassembler/ARM64/A64DOpcode.h:
2934 (A64DOpcodeCompareAndBranchImmediate):
2935 (JSC::ARM64Disassembler::A64DOpcodeCompareAndBranchImmediate::opBit):
2936 (JSC::ARM64Disassembler::A64DOpcodeCompareAndBranchImmediate::immediate19):
2937 (ARM64Disassembler):
2938 (A64DOpcodeDataProcessing2Source):
2939 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::opName):
2940 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::sBit):
2941 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::opCode):
2942 (JSC::ARM64Disassembler::A64DOpcodeDataProcessing2Source::opNameIndex):
2943 (A64DOpcodeFloatingPointOps):
2944 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointOps::mBit):
2945 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointOps::sBit):
2946 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointOps::type):
2947 (A64DOpcodeFloatingPointCompare):
2948 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointCompare::opName):
2949 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointCompare::op):
2950 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointCompare::opCode2):
2951 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointCompare::opNum):
2952 (A64DOpcodeFloatingPointDataProcessing2Source):
2953 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing2Source::opName):
2954 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointDataProcessing2Source::opNum):
2955 (A64DOpcodeFloatingFixedPointConversions):
2956 (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::opName):
2957 (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::rmode):
2958 (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::opcode):
2959 (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::scale):
2960 (JSC::ARM64Disassembler::A64DOpcodeFloatingFixedPointConversions::opNum):
2961 (A64DOpcodeFloatingPointIntegerConversions):
2962 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::opName):
2963 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::rmode):
2964 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::opcode):
2965 (JSC::ARM64Disassembler::A64DOpcodeFloatingPointIntegerConversions::opNum):
2966 (A64DOpcodeTestAndBranchImmediate):
2967 (JSC::ARM64Disassembler::A64DOpcodeTestAndBranchImmediate::bitNumber):
2968 (JSC::ARM64Disassembler::A64DOpcodeTestAndBranchImmediate::opBit):
2969 (JSC::ARM64Disassembler::A64DOpcodeTestAndBranchImmediate::immediate14):
2971 2012-12-04 Benjamin Poulain <bpoulain@apple.com>
2973 Merge OpenSource WebKit r132752 to fix the build with newer SDKs.
2975 2012-10-28 Filip Pizlo <fpizlo@apple.com>
2977 Unreviewed, make always-true enum-to-int comparisons use casts.
2980 (JSC::DFG::FPRInfo::debugName):
2982 (JSC::DFG::JSValueSource::tagGPR):
2983 (JSC::DFG::GPRInfo::toIndex):
2984 (JSC::DFG::GPRInfo::debugName):
2985 * runtime/JSTypeInfo.h:
2986 (JSC::TypeInfo::TypeInfo):
2988 2012-12-03 Michael Saboff <msaboff@apple.com>
2990 <rdar://problem/12801153> JSC should have an ARM64 disassembler
2992 Reviewed by Phil Pizlo.
2994 Framework for a new ARM64 disassembler with decoding for almost all integer instructions the
2995 current JITs emit. The disassembler is structured as a base opcode class A64DOpcode with
2996 sub-classes for each instruction group. There is a public format method that does the bulk of
2997 the disassembly work. Instructions are "dispatched" to the right subclass via an array of linked
2998 lists in the inner class OpcodeGroup. The array is indexed using bits 24..28 of the instruction.
2999 OpcodeGroup has a mask and a pattern that it applies to the instruction to determine that it
3000 matches a particular group. OpcodeGroup uses a static method to reinterpret_cast the Opcode
3001 object to the right base class for the instruction group for formatting. The cast eliminates
3002 the need of allocating an object for each decoded instruction. Unknown instructions are
3003 formatted as " .long 12345678".
3005 The disassembler does not currently cover FP operations or what appear to be currently unused
3006 opcodes. FP operations and soon to be used instructions like compare and branch and test and branch
3007 will be added in a subsequent patch.
3009 * JavaScriptCore.xcodeproj/project.pbxproj:
3010 * disassembler/ARM64: Added.
3011 * disassembler/ARM64/A64DOpcode.cpp: Added.
3012 (ARM64Disassembler):
3013 (JSC::ARM64Disassembler::A64DOpcode::format):
3014 (JSC::ARM64Disassembler::A64DOpcode::appendRegisterName):
3015 (JSC::ARM64Disassembler::A64DOpcode::appendFPRegisterName):
3016 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractImmediate::format):
3017 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractExtendedRegister::format):
3018 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractShiftedRegister::format):
3019 (JSC::ARM64Disassembler::A64DOpcodeBitfield::format):
3020 (JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::format):
3021 (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::format):
3022 (JSC::ARM64Disassembler::A64OpcodeExceptionGeneration::format):
3023 (JSC::ARM64Disassembler::A64DOpcodeExtract::format):
3024 (JSC::ARM64Disassembler::A64DOpcodeHint::format):
3025 (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::format):
3026 (JSC::ARM64Disassembler::A64DOpcodeLoadStoreRegisterOffset::format):
3027 (JSC::ARM64Disassembler::A64DOpcodeLoadStoreUnsignedImmediate::format):
3028 (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::format):
3029 (JSC::ARM64Disassembler::highestBitSet):
3030 (JSC::ARM64Disassembler::rotateRight):
3031 (JSC::ARM64Disassembler::replicate):
3032 (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::format):
3033 (JSC::ARM64Disassembler::A64DOpcodeMoveWide::format):
3034 (JSC::ARM64Disassembler::A64DOpcodeUnconditionalBranchImmediate::format):
3035 (JSC::ARM64Disassembler::A64DOpcodeUnconditionalBranchRegister::format):
3036 (OpcodeGroupInitializer):
3037 (JSC::ARM64Disassembler::A64DOpcode::init):
3038 (JSC::ARM64Disassembler::A64DOpcode::disassemble):
3039 * disassembler/ARM64/A64DOpcode.h: Added.
3040 (ARM64Disassembler):
3043 (JSC::ARM64Disassembler::A64DOpcode::OpcodeGroup::OpcodeGroup):
3044 (JSC::ARM64Disassembler::A64DOpcode::OpcodeGroup::setNext):
3045 (JSC::ARM64Disassembler::A64DOpcode::OpcodeGroup::next):
3046 (JSC::ARM64Disassembler::A64DOpcode::OpcodeGroup::matches):
3047 (JSC::ARM64Disassembler::A64DOpcode::OpcodeGroup::format):
3048 (JSC::ARM64Disassembler::A64DOpcode::A64DOpcode):
3049 (JSC::ARM64Disassembler::A64DOpcode::conditionName):
3050 (JSC::ARM64Disassembler::A64DOpcode::shiftName):
3051 (JSC::ARM64Disassembler::A64DOpcode::optionName):
3052 (JSC::ARM64Disassembler::A64DOpcode::FPRegisterPrefix):
3053 (JSC::ARM64Disassembler::A64DOpcode::opcodeGroupNumber):
3054 (JSC::ARM64Disassembler::A64DOpcode::is64Bit):
3055 (JSC::ARM64Disassembler::A64DOpcode::size):
3056 (JSC::ARM64Disassembler::A64DOpcode::option):
3057 (JSC::ARM64Disassembler::A64DOpcode::rd):
3058 (JSC::ARM64Disassembler::A64DOpcode::rt):
3059 (JSC::ARM64Disassembler::A64DOpcode::rn):
3060 (JSC::ARM64Disassembler::A64DOpcode::rm):
3061 (JSC::ARM64Disassembler::A64DOpcode::appendInstructionName):
3062 (JSC::ARM64Disassembler::A64DOpcode::appendSPOrRegisterName):
3063 (JSC::ARM64Disassembler::A64DOpcode::appendZROrRegisterName):
3064 (JSC::ARM64Disassembler::A64DOpcode::appendSeparator):
3065 (JSC::ARM64Disassembler::A64DOpcode::appendCharacter):
3066 (JSC::ARM64Disassembler::A64DOpcode::appendString):
3067 (JSC::ARM64Disassembler::A64DOpcode::appendShiftType):
3068 (JSC::ARM64Disassembler::A64DOpcode::appendSignedImmediate):
3069 (JSC::ARM64Disassembler::A64DOpcode::appendUnsignedImmediate):
3070 (JSC::ARM64Disassembler::A64DOpcode::appendUnsignedImmediate64):
3071 (JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset):
3072 (JSC::ARM64Disassembler::A64DOpcode::appendShiftAmount):
3073 (A64DOpcodeAddSubtract):
3074 (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::opName):
3075 (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::cmpName):
3076 (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::isCMP):
3077 (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::op):
3078 (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::sBit):
3079 (JSC::ARM64Disassembler::A64DOpcodeAddSubtract::opAndS):
3080 (A64DOpcodeAddSubtractImmediate):
3081 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractImmediate::isMovSP):
3082 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractImmediate::shift):
3083 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractImmediate::immed12):
3084 (A64DOpcodeAddSubtractExtendedRegister):
3085 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractExtendedRegister::immediate3):
3086 (A64DOpcodeAddSubtractShiftedRegister):
3087 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractShiftedRegister::isNeg):
3088 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractShiftedRegister::negName):
3089 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractShiftedRegister::shift):
3090 (JSC::ARM64Disassembler::A64DOpcodeAddSubtractShiftedRegister::immediate6):
3091 (A64DOpcodeBitfield):
3092 (JSC::ARM64Disassembler::A64DOpcodeBitfield::opName):
3093 (JSC::ARM64Disassembler::A64DOpcodeBitfield::extendPseudoOpNames):
3094 (JSC::ARM64Disassembler::A64DOpcodeBitfield::insertOpNames):
3095 (JSC::ARM64Disassembler::A64DOpcodeBitfield::extractOpNames):
3096 (JSC::ARM64Disassembler::A64DOpcodeBitfield::opc):
3097 (JSC::ARM64Disassembler::A64DOpcodeBitfield::nBit):
3098 (JSC::ARM64Disassembler::A64DOpcodeBitfield::immediateR):
3099 (JSC::ARM64Disassembler::A64DOpcodeBitfield::immediateS):
3100 (A64DOpcodeConditionalBranchImmediate):
3101 (JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::condition):
3102 (JSC::ARM64Disassembler::A64DOpcodeConditionalBranchImmediate::immediate19):
3103 (A64DOpcodeConditionalSelect):
3104 (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::opName):
3105 (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::opNum):
3106 (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::op):
3107 (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::sBit):
3108 (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::condition):
3109 (JSC::ARM64Disassembler::A64DOpcodeConditionalSelect::op2):
3110 (A64OpcodeExceptionGeneration):
3111 (JSC::ARM64Disassembler::A64OpcodeExceptionGeneration::opc):
3112 (JSC::ARM64Disassembler::A64OpcodeExceptionGeneration::op2):
3113 (JSC::ARM64Disassembler::A64OpcodeExceptionGeneration::ll):
3114 (JSC::ARM64Disassembler::A64OpcodeExceptionGeneration::immediate16):
3115 (A64DOpcodeExtract):
3116 (JSC::ARM64Disassembler::A64DOpcodeExtract::op21):
3117 (JSC::ARM64Disassembler::A64DOpcodeExtract::nBit):
3118 (JSC::ARM64Disassembler::A64DOpcodeExtract::o0Bit):
3119 (JSC::ARM64Disassembler::A64DOpcodeExtract::immediateS):
3121 (JSC::ARM64Disassembler::A64DOpcodeHint::opName):
3122 (JSC::ARM64Disassembler::A64DOpcodeHint::immediate7):
3123 (A64DOpcodeLoadStore):
3124 (JSC::ARM64Disassembler::A64DOpcodeLoadStore::opName):
3125 (JSC::ARM64Disassembler::A64DOpcodeLoadStore::size):
3126 (JSC::ARM64Disassembler::A64DOpcodeLoadStore::vBit):
3127 (JSC::ARM64Disassembler::A64DOpcodeLoadStore::opc):
3128 (JSC::ARM64Disassembler::A64DOpcodeLoadStore::opNumber):
3129 (JSC::ARM64Disassembler::A64DOpcodeLoadStore::is64BitRT):
3130 (A64DOpcodeLoadStoreImmediate):
3131 (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::unprivilegedOpName):
3132 (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::unscaledOpName):
3133 (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::type):
3134 (JSC::ARM64Disassembler::A64DOpcodeLoadStoreImmediate::immediate9):
3135 (A64DOpcodeLoadStoreRegisterOffset):
3136 (JSC::ARM64Disassembler::A64DOpcodeLoadStoreRegisterOffset::option):
3137 (JSC::ARM64Disassembler::A64DOpcodeLoadStoreRegisterOffset::sBit):
3138 (A64DOpcodeLoadStoreUnsignedImmediate):
3139 (JSC::ARM64Disassembler::A64DOpcodeLoadStoreUnsignedImmediate::immediate12):
3140 (A64DOpcodeLogical):
3141 (JSC::ARM64Disassembler::A64DOpcodeLogical::opName):
3142 (JSC::ARM64Disassembler::A64DOpcodeLogical::opc):
3143 (JSC::ARM64Disassembler::A64DOpcodeLogical::nBit):
3144 (A64DOpcodeLogicalImmediate):
3145 (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::isTst):
3146 (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::isMov):
3147 (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::opNumber):
3148 (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::shift):
3149 (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::immediateR):
3150 (JSC::ARM64Disassembler::A64DOpcodeLogicalImmediate::immediateS):
3151 (A64DOpcodeLogicalShiftedRegister):
3152 (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::isTst):
3153 (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::isMov):
3154 (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::opNumber):
3155 (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::shift):
3156 (JSC::ARM64Disassembler::A64DOpcodeLogicalShiftedRegister::immediate6):
3157 (A64DOpcodeMoveWide):
3158 (JSC::ARM64Disassembler::A64DOpcodeMoveWide::opc):
3159 (JSC::ARM64Disassembler::A64DOpcodeMoveWide::hw):
3160 (JSC::ARM64Disassembler::A64DOpcodeMoveWide::immediate16):
3161 (A64DOpcodeUnconditionalBranchImmediate):
3162 (JSC::ARM64Disassembler::A64DOpcodeUnconditionalBranchImmediate::op):
3163 (JSC::ARM64Disassembler::A64DOpcodeUnconditionalBranchImmediate::immediate26):
3164 (A64DOpcodeUnconditionalBranchRegister):
3165 (JSC::ARM64Disassembler::A64DOpcodeUnconditionalBranchRegister::opc):
3166 * disassembler/ARM64Disassembler.cpp: Added.
3167 (JSC::tryToDisassemble):
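The logical-immediate decoding that the disassembler's highestBitSet(), rotateRight() and replicate() helpers exist for (and that the later -Wshift-op-parentheses fix touched), as an added example that is not JavaScriptCore code: the (N, immr, imms) fields of an ARM64 logical-immediate instruction are expanded into the 64-bit mask they denote. The element width is found from the highest set bit of N:NOT(imms), the element is S+1 ones rotated right by R, and the element is replicated across the register. Function names are this example's own; the shifts inside rotateRight() are fully parenthesised, which is the warning the later fix addressed.

```c
/* Added example (not WebKit/JavaScriptCore code). */
#include <stdbool.h>
#include <stdint.h>

/* Index of the highest set bit; x must be non-zero. */
static unsigned highestBitSet(uint32_t x)
{
    unsigned n = 0;
    while (x >>= 1)
        n++;
    return n;
}

/* Rotate the low `width` bits of value right by `shift`. The two shifts are
 * parenthesised explicitly: mixing << and | without parentheses is exactly
 * what -Wshift-op-parentheses flags. */
static uint64_t rotateRight(uint64_t value, unsigned width, unsigned shift)
{
    uint64_t mask = (width == 64) ? ~0ull : ((1ull << width) - 1);
    value &= mask;
    shift %= width;
    if (!shift)
        return value;
    return ((value >> shift) | (value << (width - shift))) & mask;
}

/* Replicate a `width`-bit element across all 64 bits. */
static uint64_t replicate(uint64_t element, unsigned width)
{
    uint64_t result = 0;
    for (unsigned pos = 0; pos < 64; pos += width)
        result |= element << pos;
    return result;
}

/* Decode (N, immr, imms) into the 64-bit bitmask. Returns false for the
 * reserved encodings: no element size found, or an all-ones element.
 * For the 32-bit (sf = 0) forms the caller keeps the low 32 bits. */
static bool decodeLogicalImmediate(unsigned n, unsigned immr, unsigned imms, uint64_t* out)
{
    uint32_t lenBits = ((n & 1u) << 6) | ((~imms) & 0x3fu);   /* N:NOT(imms) */
    if (!lenBits)
        return false;
    unsigned len = highestBitSet(lenBits);
    unsigned width = 1u << len;                /* element size: 2, 4, ..., 64 */
    unsigned levels = width - 1;
    unsigned s = imms & levels;                /* S+1 = number of ones in the element */
    unsigned r = immr & levels;                /* rotate amount */
    if (s == levels)                           /* all-ones element is reserved */
        return false;
    uint64_t element = (1ull << (s + 1)) - 1;  /* s <= 62 here, so the shift is in range */
    *out = replicate(rotateRight(element, width, r), width);
    return true;
}

/* Convenience for checks: the decoded value, or 0 for a reserved encoding
 * (0 itself is not expressible as a logical immediate). */
static uint64_t logicalImmediateValue(unsigned n, unsigned immr, unsigned imms)
{
    uint64_t v = 0;
    return decodeLogicalImmediate(n, immr, imms, &v) ? v : 0;
}
```

The same three helpers also reproduce the encoder's view of the problem: an immediate is usable by and/orr/eor/tst only if it decodes from some (N, immr, imms), which is why 0x5555555555555555 and 0xf0 are single instructions while an arbitrary constant has to go through movz/movk.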
3169 2012-12-03 Michael Saboff <msaboff@apple.com>
3171 <rdar://problem/12801180> ARM64 Macro Assembler doesn't generate optimum wide move instruction for mostly negative values
3173 Reviewed by Phil Pizlo.
3175 Since the compiler implicitly casts a uint16_t to an int before '~' operator, I changed the check for
3176 0xffff from if (~x) to if (x == 0xffff). Found and fixed a minor ASSERT() error found during debugging.
3178 * assembler/MacroAssemblerARM64.h:
3179 (JSC::MacroAssemblerARM64::moveInternal):
3181 2012-11-28 Michael Saboff <msaboff@apple.com>
3183 <rdar://problem/12531894> Crash in HeapTimer::didStartVMShutdown exiting AppleTV movie trailer
3185 Reviewed by Oliver Hunt.
3187 Added check before use without #ifdef IOS for all uses of m_activityCallback and Heap::activityCallback().
3188 Created Heap::synchronizeActivityCallback() so a null m_activityCallback doesn't leak out of a Heap object.
3189 Called cancel() directly in DefaultGCActivityCallback::doWork() since we know it is ourselves and we don't
3190 need to get the activity callback from our heap.
3193 (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
3195 (JSC::Heap::didAbandon):
3196 (JSC::Heap::collect):
3197 (JSC::Heap::setGarbageCollectionTimerEnabled):
3198 (JSC::Heap::synchronizeActivityCallback):
3199 (JSC::Heap::didAllocate):
3200 (JSC::Heap::didStartVMShutdown):
3202 (JSC::Heap::synchronizeActivityCallback):
3203 * runtime/GCActivityCallback.cpp:
3204 (JSC::DefaultGCActivityCallback::doWork):
3206 2012-11-27 Michael Saboff <msaboff@apple.com>
3208 Cherry-pick merge of r132546 for <rdar://problem/12636065>.
3210 2012-10-25 Filip Pizlo <fpizlo@apple.com>
3212 REGRESSION (r131793-r131826): Crash going to wikifonia.org
3213 https://bugs.webkit.org/show_bug.cgi?id=100281
3215 Reviewed by Oliver Hunt.
3217 Restore something that got lost in the resolve refactoring: the ability to give up on life if
3218 we see a resolve of 'arguments'.
3220 * runtime/JSScope.cpp:
3221 (JSC::JSScope::resolveContainingScopeInternal):
3223 2012-11-09 Michael Saboff <msaboff@apple.com>
3225 <rdar://problem/12665471> ARM64 ExtendType enum has types in the wrong order
3227 Reviewed by Gavin Barraclough.
3229 Corrected the order of ARM64Assembler::ExtendType to match instruction reference. The UTX? should appear before
3232 * assembler/ARM64Assembler.h:
3233 ARM64Assembler::ExtendType:
3235 2012-11-09 Michael Saboff <msaboff@apple.com>
3237 <rdar://problem/12640867> Crash in JSC::Interpreter::execute() running SunSpider
3239 Reviewed by Gavin Barraclough.
3241 This is a speculative fix as I can't reproduce this in ToT. In the JavaScriptCore delivered with 11A207, it
3242 appears that x19 is not being saved by ctiTrampoline and is subsequently being clobbered. This change
3243 adds x19 and x20 as callee save registers per the current ABI documents.
3245 * assembler/ARM64Assembler.h:
3247 (JSC::JITThunks::JITThunks):
3251 2012-11-07 Joseph Pecoraro <pecoraro@apple.com>
3253 <rdar://problem/12640110> CRASH: ARM64 OSRExitCompiler::compileExit -> JSC::MacroAssemblerARM64::push after merging up to r132276
3255 Patch by Filip Pizlo.
3257 Use the supported push/pop for ARM64.
3259 * dfg/DFGOSRExitCompiler32_64.cpp:
3260 (JSC::DFG::OSRExitCompiler::compileExit):
3261 * dfg/DFGOSRExitCompiler64.cpp:
3262 (JSC::DFG::OSRExitCompiler::compileExit):
3264 2012-11-02 Joseph Pecoraro <pecoraro@apple.com>
3266 <rdar://problem/12630041> JavaScriptCore fails to compile for ARM64 after merging up to r132276
3268 Reviewed by Geoff Garen and Filip Pizlo.
3270 Update ARM64 after some OpenSource changes when merging up to r132276.
3273 - RegisterFile -> JSStack
3275 r131426, r131858, r131860:
3276 - x32 MacroAssembler refactoring from opPtr to op64 for 64bit
3277 - x32 follow up changes and build fix for 64bit refactoring
3279 * assembler/AbstractMacroAssembler.h:
3282 Include generic 64bit code in CPU(ARM64).
3284 * assembler/MacroAssembler.h:
3286 * assembler/MacroAssemblerARM64.h:
3287 (JSC::MacroAssemblerARM64::add64):
3288 (JSC::MacroAssemblerARM64::and64):
3289 (JSC::MacroAssemblerARM64::neg64):
3290 (JSC::MacroAssemblerARM64::or64):
3291 (JSC::MacroAssemblerARM64::rotateRight64):
3292 (JSC::MacroAssemblerARM64::sub64):
3293 (MacroAssemblerARM64):
3294 (JSC::MacroAssemblerARM64::load64):
3295 (JSC::MacroAssemblerARM64::load64WithAddressOffsetPatch):
3296 (JSC::MacroAssemblerARM64::load64WithCompactAddressOffsetPatch):
3297 (JSC::MacroAssemblerARM64::store64):
3298 (JSC::MacroAssemblerARM64::store64WithAddressOffsetPatch):
3299 (JSC::MacroAssemblerARM64::moveDoubleTo64):
3300 (JSC::MacroAssemblerARM64::move64ToDouble):
3301 (JSC::MacroAssemblerARM64::popToRestore):
3302 (JSC::MacroAssemblerARM64::pushToSave):
3303 (JSC::MacroAssemblerARM64::branch64):
3304 (JSC::MacroAssemblerARM64::branchTest64):
3305 (JSC::MacroAssemblerARM64::branchAdd64):
3306 (JSC::MacroAssemblerARM64::branchSub64):
3307 (JSC::MacroAssemblerARM64::call):
3308 (JSC::MacroAssemblerARM64::jump):
3309 (JSC::MacroAssemblerARM64::compare64):
3310 (JSC::MacroAssemblerARM64::test64):
3311 (JSC::MacroAssemblerARM64::branchPtrWithPatch):
3312 (JSC::MacroAssemblerARM64::storePtrWithPatch):
3313 Rename fooPtr to foo64 where appropriate.
3315 (JSC::MacroAssemblerARM64::move):
3316 Added move for TrustedImm64.
3318 (JSC::MacroAssemblerARM64::xor64):
3319 Simple xor implementation, provided by Gavin!
3321 * dfg/DFGCCallHelpers.h:
3325 * jit/JITOpcodes.cpp:
3326 (JSC::JIT::privateCompileCTINativeCall):
3328 (JSC::JITThunks::JITThunks):
3331 Handle RegisterFile -> JSStack renames.
3333 2012-11-08 Michael Saboff <msaboff@apple.com>
3335 <rdar://problem/12640555> 11A207/N51: Crash under RegExpObject::match() when loading nytimes.com
3337 Reviewed by Gavin Barraclough.
3339 The ABI doesn't define the behavior for the upper bits of a value that takes less than 64 bits.
3340 Therefore, we zero extend both the count and length registers to assure that these unsigned values
3341 don't have garbage upper bits. Made the change for X86_64 as it could happen there as well although
3342 there isn't any known problem.
3345 (JSC::Yarr::YarrGenerator::generateEnter):
3347 2012-10-26 Benjamin Poulain <bpoulain@apple.com>
3349 Merge OpenSource WebKit r130418.
3351 2012-10-04 Benjamin Poulain <bpoulain@apple.com>
3353 Use copyLCharsFromUCharSource() for IdentifierLCharFromUCharTranslator translation
3354 https://bugs.webkit.org/show_bug.cgi?id=98335
3356 Reviewed by Michael Saboff.
3358 Michael Saboff added an optimized version of UChar->LChar conversion in r125846.
3359 Use this function in JSC::Identifier.
3361 * runtime/Identifier.cpp:
3362 (JSC::IdentifierLCharFromUCharTranslator::translate):
3364 2012-11-02 Michael Saboff <msaboff@apple.com>
3366 <rdar://problem/12624771> ARM64 Macro Assembler Logical with immediate instructions should use native immediate instructions
3368 Reviewed by Oliver Hunt.
3370 Changed and, or and xor for 32 bit and 64 bit to use LogicalImmediate. We create a LogicalImmediate and if
3371 we can encode the immediate, we generate the immediate version of the instruction, otherwise we fallback to the
3372 "put immediate into temp register" form.
3374 * assembler/MacroAssemblerARM64.h:
3375 (JSC::MacroAssemblerARM64::and32):
3376 (JSC::MacroAssemblerARM64::andPtr):
3377 (JSC::MacroAssemblerARM64::or32):
3378 (JSC::MacroAssemblerARM64::orPtr):
3379 (JSC::MacroAssemblerARM64::xor32):
3380 (JSC::MacroAssemblerARM64::xorPtr):
3382 2012-10-30 Eric Carlson <eric.carlson@apple.com>
3384 <rdar://problem/12593706> Support text tracks for in-line video playback
3386 Reviewed by NOBODY (OOPS!).
3388 * Configurations/FeatureDefines.xcconfig: Define ENABLE_VIDEO_TRACK.
3390 2012-10-29 Jer Noble <jer.noble@apple.com>
3392 <rdar://problem/8978236> Sub-TLF: Support fullscreen API on iOS
3394 Reviewed by Ian Henderson.
3396 Enable WebKit Full Screen API by setting ENABLE_FULLSCREEN_API.
3398 * Configurations/FeatureDefines.xcconfig:
3400 2012-10-30 Michael Saboff <msaboff@apple.com>
3402 <rdar://problem/12593651> Improve ARM64 Macro Assembler generation of wide moves
3404 Reviewed by Phil Pizlo.
3406 Created a new templated helper moveInternal() that can move a 32 or 64 bit literal value into a destination
3407 register using the move wide instructions. This method figures out the minimum number of half words that need to be
3408 loaded by looking for half words that are all zeros or all ones. Based on that check we choose a movz path or movn
3409 path. The first half word that is filled also fills the whole register and subsequent half words are filled using
3410 the movk instruction.
3412 * assembler/MacroAssemblerARM64.h:
3413 (JSC::MacroAssemblerARM64::move): Changed to use new helper.
3414 (JSC::MacroAssemblerARM64::moveInternal): New helper.
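As an added illustration, not JSC's own code, here is a hypothetical C++ model of the half-word selection that the entry above describes for moveInternal(), written with the explicit `hw == 0xffff` comparison from the 2012-12-03 entry (because `~hw` on a uint16_t promotes to int, `if (~hw)` can never be false). The names `selectWideMoves`, `executeWideMoves`, `WideOp` and `WideMove` are assumptions of this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <type_traits>
#include <vector>

// Hypothetical model of movz/movn/movk selection (not MacroAssemblerARM64::moveInternal).
enum class WideOp { Movz, Movn, Movk };

struct WideMove {
    WideOp op;
    uint16_t imm16;
    unsigned shift; // 0, 16, 32 or 48
};

// Choose the shortest movz/movn/movk sequence that loads `value` into a
// 32- or 64-bit register: count half words that are all zeros or all ones,
// pick the movz or movn path accordingly, let the first non-fill half word
// fill the whole register, and patch the remaining non-fill half words with movk.
template <typename IntType>
std::vector<WideMove> selectWideMoves(IntType value)
{
    static_assert(std::is_unsigned<IntType>::value, "use uint32_t or uint64_t");
    static_assert(sizeof(IntType) == 4 || sizeof(IntType) == 8, "32- or 64-bit only");
    const unsigned halfWords = sizeof(IntType) / 2;

    unsigned zeroCount = 0, onesCount = 0;
    for (unsigned i = 0; i < halfWords; ++i) {
        uint16_t hw = static_cast<uint16_t>(value >> (16 * i));
        if (!hw)
            ++zeroCount;
        else if (hw == 0xffff) // explicit compare: "if (~hw)" would promote to int and never be 0
            ++onesCount;
    }

    const bool useMovn = onesCount > zeroCount;
    const uint16_t fill = useMovn ? 0xffff : 0;

    std::vector<WideMove> out;
    bool needFirst = true;
    for (unsigned i = 0; i < halfWords; ++i) {
        uint16_t hw = static_cast<uint16_t>(value >> (16 * i));
        if (hw == fill)
            continue; // already produced by the movz/movn fill
        if (needFirst) {
            // movn writes ~(imm16 << shift), so store the inverted half word for that path.
            out.push_back({useMovn ? WideOp::Movn : WideOp::Movz,
                           static_cast<uint16_t>(useMovn ? ~hw : hw), 16 * i});
            needFirst = false;
        } else {
            out.push_back({WideOp::Movk, hw, 16 * i});
        }
    }
    if (needFirst) // every half word equals the fill value: all zeros or all ones
        out.push_back({useMovn ? WideOp::Movn : WideOp::Movz, 0, 0});
    return out;
}

// Execute a sequence the way the instructions would, to check it reproduces the value.
template <typename IntType>
IntType executeWideMoves(const std::vector<WideMove>& seq)
{
    IntType reg = 0;
    for (const WideMove& m : seq) {
        IntType imm = static_cast<IntType>(m.imm16) << m.shift;
        switch (m.op) {
        case WideOp::Movz: reg = imm; break;
        case WideOp::Movn: reg = static_cast<IntType>(~imm); break;
        case WideOp::Movk: reg = (reg & ~(static_cast<IntType>(0xffff) << m.shift)) | imm; break;
        }
    }
    return reg;
}

int main()
{
    // Constructed sample value: mostly-ones with one distinct half word, so movn wins.
    uint64_t value = 0xffffffffffff1234ull;
    for (const WideMove& m : selectWideMoves(value)) {
        const char* name = m.op == WideOp::Movz ? "movz" : m.op == WideOp::Movn ? "movn" : "movk";
        std::printf("%s #0x%04x, lsl #%u\n", name, m.imm16, m.shift);
    }
    return executeWideMoves<uint64_t>(selectWideMoves(value)) == value ? 0 : 1;
}
```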
3416 2012-10-24 Michael Saboff <msaboff@apple.com>
3418 <rdar://problem/12566747> ARM64 Macro Assembler: Add support for using immediate ops for all add() and sub() methods
3420 Reviewed by Phil Pizlo.
3422 Added code to use 12 bit immediate add, cmp and sub to add, sub and branch instructions
3425 * assembler/ARM64Assembler.h:
3426 (JSC::isUInt12): Overloaded to take intptr_t.
3428 * assembler/MacroAssemblerARM64.h:
3429 (JSC::MacroAssemblerARM64::addPtr):
3430 (JSC::MacroAssemblerARM64::sub32):
3431 (JSC::MacroAssemblerARM64::subPtr):
3432 (JSC::MacroAssemblerARM64::branch32):
3433 (JSC::MacroAssemblerARM64::branchPtr):
3434 (JSC::MacroAssemblerARM64::branchAdd32):
3435 (JSC::MacroAssemblerARM64::branchAddPtr):
3436 (JSC::MacroAssemblerARM64::branchSub32):
3437 (JSC::MacroAssemblerARM64::branchSubPtr):
3439 2012-10-24 Michael Saboff <msaboff@apple.com>
3441 <rdar://problem/12561633> ARM64 Macro Assembler doesn't use load and store immediate instructions
3443 Reviewed by Gavin Barraclough.
3445 To the ARM64 assembler, added helpers to determine if we can use the unsigned scaled and
3446 signed unscaled offsets.
3448 To the ARM64 macro assembler, added templated load and store methods for general registers for
3449 both unsigned scaled and signed unscaled offsets to work with all data sizes supported by the
3450 architecture. Added tryLoadWithOffset and tryStoreWithOffset that will generate the appropriate
3451 load or store instruction and return true if one of the two offset types can be used.
3452 Otherwise we fall back to the current method that uses a temp register to calculate the memory address.
3454 * assembler/ARM64Assembler.h:
3456 (JSC::ARM64Assembler::canEncodePImmOffset):
3457 (JSC::ARM64Assembler::canEncodeSImmOffset):
3459 * assembler/MacroAssemblerARM64.h:
3460 Added call to try using an offset load instruction
3461 (JSC::MacroAssemblerARM64::loadPtr):
3462 (JSC::MacroAssemblerARM64::load32):
3463 (JSC::MacroAssemblerARM64::load16):
3464 (JSC::MacroAssemblerARM64::load8):
3465 (JSC::MacroAssemblerARM64::loadDouble):
3467 Added call to try using an offset store instruction
3468 (JSC::MacroAssemblerARM64::storePtr):
3469 (JSC::MacroAssemblerARM64::store32):
3470 (JSC::MacroAssemblerARM64::storeDouble):
3472 Added templated load and store methods for unsigned scaled and signed scaled offsets
3473 (JSC::MacroAssemblerARM64::loadUnsignedImmediate):
3474 (JSC::MacroAssemblerARM64::loadUnscaledImmediate):
3475 (JSC::MacroAssemblerARM64::storeUnsignedImmediate):
3476 (JSC::MacroAssemblerARM64::storeUnscaledImmediate):
3478 New try to load/store with an offset instruction methods
3479 (JSC::MacroAssemblerARM64::tryLoadWithOffset):
3480 (JSC::MacroAssemblerARM64::tryStoreWithOffset):
3482 2012-10-24 Michael Saboff <msaboff@apple.com>
3484 <rdar://problem/12561632> ARM64 Assembler doesn't constrain negative immediates when generating instructions
3486 Reviewed by Gavin Barraclough.
3488 Masked all signed immediate values before shifting when creating instructions.
3490 * assembler/ARM64Assembler.h:
3491 (JSC::ARM64Assembler::addSubtractExtendedRegister):
3492 (JSC::ARM64Assembler::addSubtractImmediate):
3493 (JSC::ARM64Assembler::addSubtractShiftedRegister):
3494 (JSC::ARM64Assembler::conditionalCompareImmediate):
3495 (JSC::ARM64Assembler::floatingPointImmediate):
3496 (JSC::ARM64Assembler::loadRegisterLiteral):
3497 (JSC::ARM64Assembler::loadStoreRegisterPostIndex):
3498 (JSC::ARM64Assembler::loadStoreRegisterUnscaledImmediate):
3499 (JSC::ARM64Assembler::loadStoreRegisterUnsignedImmediate):
3500 (JSC::ARM64Assembler::logicalShiftedRegister):
3501 (JSC::ARM64Assembler::testAndBranchImmediate):
3503 2012-10-19 Filip Pizlo <fpizlo@apple.com>
3505 <rdar://problem/12511832> N51: Safari crashes in llint_slow_path_put_by_id while loading apple.com
3507 Reviewed by Michael Saboff.
3509 On ARMv7, we know that any offset that we can store into a ptrdiff_t is an offset that we
3510 can patch into a non-compact offset load or store, since ptrdiff_t is 32-bit and the
3511 non-compact offsets are 32-bit. But on ARM64, the non-compact offsets are 32-bit unsigned,
3512 and ptrdiff_t is 64-bit signed. Hence, we can end up manufacturing an offset that cannot be
3515 The correct fix is to have the patching machinery defend itself against offsets it knows to
3518 But the specific reason we were crashing here was because we had a small negative offset.
3519 This change makes even those small negative offsets take slow path. That's somewhat
3520 unfortunate. In the future, the right fix will be to have non-compact offsets be 32-bit
3521 signed rather than 32-bit unsigned. I'll leave that for a future patch.
3522 See <rdar://problem/12540077>.
3524 * assembler/MacroAssembler.h:
3526 (JSC::MacroAssembler::isPtrAlignedAddressOffset):
3527 * assembler/MacroAssemblerARM64.h:
3528 (JSC::MacroAssemblerARM64::isPtrAlignedAddressOffset):
3529 (MacroAssemblerARM64):
3530 * dfg/DFGRepatch.cpp:
3531 (JSC::DFG::tryCachePutByID):
3533 (JSC::JITThunks::tryCachePutByID):
3535 2012-10-19 Filip Pizlo <fpizlo@apple.com>
3537 <rdar://problem/12538954> N51: MacroAssembler::push and ::pop are incompatible with the stack conventions of ARM64
3539 Reviewed by Michael Saboff.
3541 I've fixed this by forcing a distinction between push() used for setting up the stack
3542 (which is only used on x86 and will now CRASH() on ARM64) and push() used for doing a
3543 quick-and-dirty register spill. The latter is now called pushToSave()/popToRestore(),
3544 and does 16 byte alignment on-the-fly. This wastes stack space, but we probably don't
3545 care since it's on the slow paths anyway.
3547 * assembler/ARM64Assembler.h:
3548 (JSC::ARM64Assembler::loadStoreRegisterPreIndex):
3549 * assembler/MacroAssembler.h:
3551 (JSC::MacroAssembler::pushToSave):
3552 (JSC::MacroAssembler::popToRestore):
3553 * assembler/MacroAssemblerARM64.h:
3554 (MacroAssemblerARM64):
3555 (JSC::MacroAssemblerARM64::popToRestore):
3556 (JSC::MacroAssemblerARM64::pushToSave):
3557 (JSC::MacroAssemblerARM64::pushToSAve):
3558 * dfg/DFGRepatch.cpp:
3559 (JSC::DFG::emitRestoreScratch):
3560 (JSC::DFG::generateProtoChainAccessStub):
3561 (JSC::DFG::tryCacheGetByID):
3562 (JSC::DFG::emitPutReplaceStub):
3563 * dfg/DFGScratchRegisterAllocator.h:
3564 (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
3565 (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
3566 * dfg/DFGThunks.cpp:
3567 (JSC::DFG::emitPointerValidation):
3569 2012-10-17 Gavin Barraclough <barraclough@apple.com>
3571 <rdar://problem/12511832> N51: Safari crashes in llint_slow_path_put_by_id while loading apple.com
3573 Reviewed by Sam Weinig.
3575 * llint/LowLevelInterpreter64.asm:
3578 2012-10-15 David Kilzer <ddkilzer@apple.com>
3580 <rdar://problem/12476025> build-webkit --development tries to build WKSI and DRT for x86_64, but only builds WebKit for i386
3582 Reviewed by David Carson.
3584 * Configurations/DebugRelease.xcconfig: Use
3585 ARCHS_STANDARD_32_64_BIT.
3587 2012-10-05 Filip Pizlo <fpizlo@apple.com>
3589 <rdar://problem/12442679> Assertion failure on ToT puzzlebox in JSArray::unshiftCount
3591 Reviewed by Mark Hahnenberg.
3593 Either because of a merge glitch or because I'm not a smart person, I put the assertion
3594 that should have been in shiftCount (i.e. that count <= length) in unshiftCount instead.
3595 So, if you tried to use unshift() to, say, initialize an array, which is a correct albeit
3596 silly thing to do, then you'd assert every time.
3598 * runtime/JSArray.cpp:
3599 (JSC::JSArray::shiftCount):
3600 (JSC::JSArray::unshiftCount):
3602 2012-10-02 Mark Hahnenberg <mhahnenberg@apple.com>
3604 <rdar://problem/12391706> REGRESSION: Crash beneath IncrementalSweeper::doSweep() when running PLT3
3606 Reviewed by Phil Pizlo.
3608 From the Radar: We need a "WebSafeIncrementalSweeper" to match "WebSafeGCActivityCallback" -- it ensures
3609 that callbacks only happen on the web thread, which in turn ensures that the web thread lock has been acquired.
3611 In JSC, I just exported a few additional symbols and added an explicit out-of-line destructor for IncrementalSweeper
3612 to allay any linker errors when inheriting from IncrementalSweeper in WebCore.
3615 (JSC::Heap::setIncrementalSweeper):
3619 * heap/IncrementalSweeper.cpp:
3620 (JSC::IncrementalSweeper::~IncrementalSweeper):
3622 * heap/IncrementalSweeper.h:
3623 (IncrementalSweeper):
3625 2012-10-01 Matt Lilek <mrl@apple.com>
3627 <rdar://problem/12268376> SWB: WTF/JSC/WebCore/WebKit build fixes to work with clang-424
3629 Merge OpenSource r123239, r123989, and r128234.
3631 Reviewed by Pratik Solanki.
3633 * parser/NodeConstructors.h:
3634 (JSC::ForInNode::ForInNode):
3637 * runtime/PropertyNameArray.h:
3638 (JSC::PropertyNameArray::PropertyNameArray):
3639 (PropertyNameArray):
3641 2012-10-01 Filip Pizlo <fpizlo@apple.com>
3643 Merge OpenSource WebKit r130102.
3645 2012-10-01 Filip Pizlo <fpizlo@apple.com>
3647 Address a FIXME in JSArray::sort
3648 https://bugs.webkit.org/show_bug.cgi?id=98080
3649 <rdar://problem/12407844>
3651 Reviewed by Oliver Hunt.
3653 Get rid of fast sorting of sparse maps. I don't know that it's broken but I do know that we don't
3654 have coverage for it. Then also address the FIXME in JSArray::sort regarding side-effecting
3657 * runtime/ArrayPrototype.cpp:
3658 (JSC::arrayProtoFuncSort):
3659 * runtime/JSArray.cpp:
3660 (JSC::JSArray::sortNumeric):
3661 (JSC::JSArray::sort):
3662 (JSC::JSArray::compactForSorting):
3663 * runtime/JSArray.h:
3665 * runtime/JSObject.h:
3666 (JSC::JSObject::hasSparseMap):
3669 2012-09-29 Gavin Barraclough <barraclough@apple.com>
3671 <rdar://problem/12402196> YARR JIT should keep stack aligned on ARM64
3673 Reviewed by Filip Pizlo.
3675 This is a better fix for <rdar://problem/12316828>
3677 * assembler/MacroAssemblerARM64.h:
3678 (MacroAssemblerARM64):
3679 (JSC::MacroAssemblerARM64::loadPtr):
3680 (JSC::MacroAssemblerARM64::loadPtrWithAddressOffsetPatch):
3681 (JSC::MacroAssemblerARM64::load32):
3682 (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
3683 (JSC::MacroAssemblerARM64::load16):
3684 (JSC::MacroAssemblerARM64::load8):
3685 (JSC::MacroAssemblerARM64::storePtr):
3686 (JSC::MacroAssemblerARM64::storePtrWithAddressOffsetPatch):
3687 (JSC::MacroAssemblerARM64::store32):
3688 (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
3689 (JSC::MacroAssemblerARM64::store16):
3690 (JSC::MacroAssemblerARM64::store8):
3691 (JSC::MacroAssemblerARM64::loadDouble):
3692 (JSC::MacroAssemblerARM64::loadFloat):
3693 (JSC::MacroAssemblerARM64::storeDouble):
3694 (JSC::MacroAssemblerARM64::storeFloat):
3695 (JSC::MacroAssemblerARM64::branchTest8):
3696 - Revert these changes, they were just working around the stack alignment issue.
3698 (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
3699 (JSC::Yarr::YarrGenerator::initCallFrame):
3700 (JSC::Yarr::YarrGenerator::removeCallFrame):
3701 - Add code to keep the stack aligned.
3703 2012-09-29 Gavin Barraclough <barraclough@apple.com>
3705 <rdar://problem/12402175> DFG JIT on ARM64 accidentally disabled
3707 Reviewed by Filip Pizlo.
3711 - Added nonArgGPRs for ARM64.
3713 2012-09-28 Gavin Barraclough <barraclough@apple.com>
3715 <rdar://problem/12316828> Safari crashes in JSC::RegExpObject::match when going to www.apple.com on N51
3717 Reviewed by Oliver Hunt.
3719 Bizarre - something seems to have changed, causing base/index addresses with a base of sp to start failing.
3720 Will follow up with the architecture teams, for now, make sure we don't do that.
3722 * assembler/MacroAssemblerARM64.h:
3723 (MacroAssemblerARM64):
3724 (JSC::MacroAssemblerARM64::load):
3725 (JSC::MacroAssemblerARM64::loadh):
3726 (JSC::MacroAssemblerARM64::loadb):
3727 (JSC::MacroAssemblerARM64::store):
3728 (JSC::MacroAssemblerARM64::storeh):
3729 (JSC::MacroAssemblerARM64::storeb):
3730 - Added wrappers to base/index memory accesses, where the base is sp turn into an add.
3731 (JSC::MacroAssemblerARM64::loadPtr):
3732 (JSC::MacroAssemblerARM64::loadPtrWithAddressOffsetPatch):
3733 (JSC::MacroAssemblerARM64::load32):
3734 (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
3735 (JSC::MacroAssemblerARM64::load16):
3736 (JSC::MacroAssemblerARM64::load8):
3737 (JSC::MacroAssemblerARM64::storePtr):
3738 (JSC::MacroAssemblerARM64::storePtrWithAddressOffsetPatch):
3739 (JSC::MacroAssemblerARM64::store32):
3740 (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
3741 (JSC::MacroAssemblerARM64::store16):
3742 (JSC::MacroAssemblerARM64::store8):
3743 (JSC::MacroAssemblerARM64::loadDouble):
3744 (JSC::MacroAssemblerARM64::loadFloat):
3745 (JSC::MacroAssemblerARM64::storeDouble):
3746 (JSC::MacroAssemblerARM64::storeFloat):
3747 (JSC::MacroAssemblerARM64::branchTest8):
3748 - Changed to use new wrappers.
3750 2012-09-25 Filip Pizlo <fpizlo@apple.com>
3752 Merge Open Source WebKit r129577.
3754 2012-09-25 Filip Pizlo <fpizlo@apple.com>
3756 We shouldn't use the optimized versions of shift/unshift if the user is doing crazy things to the array
3757 https://bugs.webkit.org/show_bug.cgi?id=97603
3758 <rdar://problem/12370864>
3760 Reviewed by Gavin Barraclough.
3762 You changed the length behind our backs? No optimizations for you then!
3764 * runtime/ArrayPrototype.cpp:
3767 * runtime/JSArray.cpp:
3768 (JSC::JSArray::shiftCount):
3770 2012-09-19 Pratik Solanki <psolanki@apple.com>
3772 <rdar://problem/12329156> REGRESSION (Merge1): 56 jscore test failures after merge
3774 Reviewed by Ian Henderson.
3776 Make sure shouldInterruptScriptBeforeTimeout is the last field in the struct since we have
3777 initialization code that relies on the order.
3779 * runtime/JSGlobalObject.h:
3780 (GlobalObjectMethodTable):
3782 2012-09-18 Pratik Solanki <psolanki@apple.com>
3784 Part of <rdar://problem/12317875> JavaScriptCore fails to compile for ARM64 after merge to r122402
3786 Reviewed by Filip Pizlo.
3788 r119857 in open source changed SYMBOL_STRING_RELOCATION to LOCAL_REFERENCE. Do the same for
3791 * dfg/DFGOperations.cpp:
3795 2012-09-18 Pratik Solanki <psolanki@apple.com>
3797 <rdar://problem/12317875> JavaScriptCore fails to compile for ARM64 after merge to r122402
3799 Patch by Gavin Barraclough.
3800 Reviewed by Filip Pizlo.
3802 Implement ARM64 routines for assembler functionality added in opensource.
3804 * assembler/ARM64Assembler.h:
3805 (JSC::ARM64Assembler::ARM64Assembler):
3807 (JSC::ARM64Assembler::labelIgnoringWatchpoints):
3808 (JSC::ARM64Assembler::labelForWatchpoint):
3809 (JSC::ARM64Assembler::label):
3810 (JSC::ARM64Assembler::replaceWithJump):
3811 (JSC::ARM64Assembler::maxJumpReplacementSize):
3812 (JSC::ARM64Assembler::replaceWithLoad):
3813 (JSC::ARM64Assembler::replaceWithAddressComputation):
3814 (JSC::ARM64Assembler::disassembleXOrZrOrSp):
3815 (JSC::ARM64Assembler::disassembleAddSubtractImmediate):
3816 (JSC::ARM64Assembler::loadStoreRegisterUnscaledImmediate):
3817 * assembler/MacroAssemblerARM64.h:
3818 (JSC::MacroAssemblerARM64::convertibleLoadPtr):
3819 (MacroAssemblerARM64):
3820 (JSC::MacroAssemblerARM64::load8):
3821 (JSC::MacroAssemblerARM64::branchTest8):
3822 (JSC::MacroAssemblerARM64::replaceWithJump):
3823 (JSC::MacroAssemblerARM64::maxJumpReplacementSize):
3825 2012-09-14 Gavin Barraclough <barraclough@apple.com>
3827 <rdar://problem/12304546> DFG JIT for ARM64
3829 Reviewed by Filip Pizlo.
3831 * dfg/DFGAssemblyHelpers.h:
3833 (JSC::DFG::AssemblyHelpers::debugCall):
3834 - Calling conventions match a mix of ARMv7 & X86_64.
3835 * dfg/DFGCCallHelpers.h:
3837 - Calling conventions match a mix of ARMv7 & X86_64.
3839 (JSC::DFG::FPRInfo::debugName):
3842 (JSC::DFG::FPRInfo::toRegister):
3843 (JSC::DFG::FPRInfo::toIndex):
3844 - Add ARM64 register assignments.
3846 (JSC::DFG::GPRInfo::debugName):
3849 (JSC::DFG::GPRInfo::toRegister):
3850 (JSC::DFG::GPRInfo::toIndex):
3851 - Add ARM64 register assignments.
3852 * dfg/DFGOperations.cpp:
3853 - Added asm function wrappers.
3854 * dfg/DFGOperations.h:
3855 - DFGHandler implementation should be related to JSVALUE64, not X86_64.
3856 * dfg/DFGSpeculativeJIT64.cpp:
3857 (JSC::DFG::SpeculativeJIT::compile):
3858 - compileIntegerArithDivForX86 only exists on X86[_64].
3860 2012-09-14 Gavin Barraclough <barraclough@apple.com>
3862 <rdar://problem/12304570> Fix ARM64 assembler for DFG JIT
3864 Reviewed by Filip Pizlo.
3866 * assembler/ARM64Assembler.h:
3867 - Updated a comment to correctly document ABI.
3868 * assembler/MacroAssemblerARM64.h:
3869 (JSC::MacroAssemblerARM64::add32):
3870 (JSC::MacroAssemblerARM64::addPtr):
3871 (JSC::MacroAssemblerARM64::sub32):
3872 - Updated to match other memory ops, use memoryTempRegister for the memory
3873 operand rather than dataTempRegister.
3874 (JSC::MacroAssemblerARM64::supportsFloatingPoint):
3875 (JSC::MacroAssemblerARM64::supportsFloatingPointTruncate):
3876 (JSC::MacroAssemblerARM64::supportsFloatingPointSqrt):
3877 (JSC::MacroAssemblerARM64::supportsFloatingPointAbs):
3878 - Floating point support is already complete, and appears to work!
3879 (JSC::MacroAssemblerARM64::branchAdd32):
3880 (JSC::MacroAssemblerARM64::branchNeg32):
3881 - Added - required for DFG JIT.
3883 2012-09-13 Filip Pizlo <fpizlo@apple.com>
3885 <rdar://problem/12281506> LLInt for 64-bit ARM
3887 Reviewed by Gavin Barraclough.
3889 Adds an ARM64 backend to the offlineasm, and makes slight modifications to the LLInt
3890 so that it understands the nuances of ARM64 ABI.
3892 The backend is designed to share as much code as possible with ARMv7. Both backends
3893 use the same lowering microphases, which are designed for flexibility rather than
3894 speed (the LLInt is, after all, fairly small, so offlineasm performance is currently
3897 Also made a couple slight changes elsewhere: getHostCallReturnValue, which is shared
3898 with the DFG, has been updated to support ARM64, and the bytecode generator now
3899 emits loop hints even with DFG disabled since it is actually shared between
3900 LLInt->JIT OSR and JIT->DFG OSR.
3902 * bytecompiler/BytecodeGenerator.cpp:
3903 (JSC::BytecodeGenerator::emitLoopHint):
3904 * dfg/DFGOperations.cpp:
3906 * llint/LLIntOfflineAsmConfig.h:
3907 * llint/LLIntSlowPaths.cpp:
3908 (JSC::LLInt::handleHostCall):
3909 * llint/LowLevelInterpreter.asm:
3910 * llint/LowLevelInterpreter64.asm:
3911 * offlineasm/arm64.rb: Added.
3912 * offlineasm/armv7.rb:
3913 * offlineasm/backends.rb:
3914 * offlineasm/risc.rb:
3915 * offlineasm/risc_arm64.rb: Added.
3916 * offlineasm/transform.rb:
3917 * offlineasm/x86.rb:
3919 2012-09-11 Gavin Barraclough <barraclough@apple.com>
3921 <rdar://problem/12248207> 11A165: safari crashing in JIT code when loading www.apple.com on N51
3923 Reviewed by Oliver Hunt.
3925 The JIT trampolines shouldn't fall through from one block of global code to another, in case the
3926 linker reorders them.
3929 - Copy ctiOpThrowNotCaught into the tail of ctiTrampoline, to avoid the fallthrough.
3931 2012-09-10 Filip Pizlo <fpizlo@apple.com>
3933 Towards <rdar://problem/10293804>: Merged ToT WebKit r128100
3935 2012-09-10 Filip Pizlo <fpizlo@apple.com>
3937 offlineasm has some impossible to implement, and unused, instructions
3938 https://bugs.webkit.org/show_bug.cgi?id=96310
3940 Reviewed by Mark Hahnenberg.
3942 * offlineasm/armv7.rb:
3943 * offlineasm/instructions.rb:
3944 * offlineasm/risc.rb:
3945 * offlineasm/x86.rb:
3947 2012-09-05 Filip Pizlo <fpizlo@apple.com>
3949 Towards <rdar://problem/10293804>: offlineasm RISC support should not be
3950 conflating 'p' (pointer) and 'i' (int32).
3952 Reviewed by Gavin Barraclough.
3954 Though this would have been safe on ARMv7, it's not safe on ARM64.
3956 * offlineasm/armv7.rb:
3957 * offlineasm/instructions.rb:
3958 * offlineasm/risc.rb:
3960 2012-09-05 Filip Pizlo <fpizlo@apple.com>
3962 Towards <rdar://problem/10293804>: refactor offlineasm to support a common
3963 infrastructure for RISC targets.
3965 Reviewed by Geoffrey Garen.
3967 This will allow roughly 1/2 of the ARM backend code to be shared between
3970 * offlineasm/armv7.rb:
3971 * offlineasm/instructions.rb:
3972 * offlineasm/risc.rb: Added.
3974 2012-08-29 Simon Fraser <simon.fraser@apple.com>
3976 Prerequisite for <rdar://problem/11507731> Support sticky layouts
3978 Merged ToT WebKit r123379.
3980 2012-07-23 Simon Fraser <simon.fraser@apple.com>
3982 Part 2 of: Implement sticky positioning
3983 https://bugs.webkit.org/show_bug.cgi?id=90046
3985 Reviewed by Ojan Vafai.
3987 Turn on ENABLE_CSS_STICKY_POSITION.
3989 * Configurations/FeatureDefines.xcconfig:
3991 2012-08-29 Simon Fraser <simon.fraser@apple.com>
3993 Prerequisite for <rdar://problem/11507731> Support sticky layouts
3995 Merged ToT WebKit r123350.
3997 2012-07-23 Simon Fraser <simon.fraser@apple.com>
3999 Part 1 of: Implement sticky positioning
4000 https://bugs.webkit.org/show_bug.cgi?id=90046
4002 Reviewed by Ojan Vafai.
4004 Add ENABLE_CSS_STICKY_POSITION, defaulting to off initially.
4006 Sort the ENABLE_CSS lines in the file. Make sure all the flags
4007 are in FEATURE_DEFINES.
4009 * Configurations/FeatureDefines.xcconfig:
4011 2012-08-30 Matt Lilek <mrl@apple.com>
4013 <rdar://problem/11960197> SWB: JavaScriptCore-1096 fails to build in Innsbruck with clang-422.2.3: -Wmismatched-tags
4015 Merge OpenSource r119429, r121986, r126475, r126476, r126481, r126511, and r126515.
4017 Not reviewed, build fixes.
4021 * heap/MachineStackMarker.cpp:
4022 (JSC::MachineThreads::MachineThreads):
4023 * heap/MachineStackMarker.h:
4025 * jit/JITStubCall.h:
4026 (JSC::JITStubCall::JITStubCall):
4028 * jit/SpecializedThunkJIT.h:
4029 (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
4030 * jit/ThunkGenerators.cpp:
4031 (JSC::charCodeAtThunkGenerator):
4032 (JSC::charAtThunkGenerator):
4033 (JSC::fromCharCodeThunkGenerator):
4034 (JSC::sqrtThunkGenerator):
4035 (JSC::floorThunkGenerator):
4036 (JSC::ceilThunkGenerator):
4037 (JSC::roundThunkGenerator):
4038 (JSC::expThunkGenerator):
4039 (JSC::logThunkGenerator):
4040 (JSC::absThunkGenerator):
4041 (JSC::powThunkGenerator):
4042 * parser/ASTBuilder.h:
4043 (JSC::ASTBuilder::createAssignResolve):
4044 (JSC::ASTBuilder::createForLoop):
4045 (JSC::ASTBuilder::createForInLoop):
4046 (JSC::ASTBuilder::makeAssignNode):
4047 (JSC::ASTBuilder::makePrefixNode):
4048 (JSC::ASTBuilder::makePostfixNode):
4049 * parser/NodeConstructors.h:
4050 (JSC::PostfixErrorNode::PostfixErrorNode):
4051 (JSC::PrefixErrorNode::PrefixErrorNode):
4052 (JSC::AssignResolveNode::AssignResolveNode):
4053 (JSC::AssignErrorNode::AssignErrorNode):
4054 (JSC::ForNode::ForNode):
4055 (JSC::ForInNode::ForInNode):
4057 (FunctionCallResolveNode):
4060 (ReadModifyResolveNode):
4061 (AssignResolveNode):
4065 * parser/Parser.cpp:
4066 (JSC::::parseVarDeclarationList):
4067 (JSC::::parseForStatement):
4068 * parser/SyntaxChecker.h:
4069 (JSC::SyntaxChecker::createAssignResolve):
4070 (JSC::SyntaxChecker::createForLoop):
4072 2012-08-29 Gavin Barraclough <barraclough@apple.com>
4074 <rdar://problem/10293804> TLF: Nitro for 64-bit ARM
4076 Reviewed by Filip Pizlo.
4078 Implement baseline JIT for arm64.
4080 * jit/JITArithmetic.cpp:
4081 (JSC::JIT::emitSlow_op_mod):
4082 - Build fix - mark this function as NO_RETURN_DUE_TO_ASSERT.
4083 * jit/JITInlineMethods.h:
4084 (JSC::JIT::restoreArgumentReferenceForTrampoline):
4085 - Same implementation as armv7.
4086 * jit/JITOpcodes.cpp:
4087 (JSC::JIT::privateCompileCTINativeCall):
4088 - Implement native call argument setup for arm64.
4090 (JSC::JITThunks::JITThunks):
4091 - Implement asm JIT entry trampolines, stub wrapper.
4094 (JSC::JITStackFrame::returnAddressSlot):
4095 - arm64 stack frame.
4096 * jit/JSInterfaceJIT.h:
4098 - Added baseline JIT's static register mapping for arm64.
4100 2012-08-29 Gavin Barraclough <barraclough@apple.com>
4102 <rdar://problem/10293804> TLF: Nitro for 64-bit ARM
4104 Merge opensource r127066.
4106 2012-08-29 Gavin Barraclough <barraclough@apple.com>
4108 PutById uses DataLabel32, not DataLabelCompact
4109 https://bugs.webkit.org/show_bug.cgi?id=95245
4111 Reviewed by Geoff Garen.
4113 JIT::resetPatchPutById calls the wrong thing on x86-64 – this is moot right now,
4114 since they currently both do the same thing, but if we were to ever make compact mean
4115 8-bit this could be a real problem. Also, relying on the object still being in eax
4116 on entry to the transition stub isn't very robust - added nonArgGPR1 to at least make
4119 * jit/JITPropertyAccess.cpp:
4120 (JSC::JIT::emitSlow_op_put_by_id):
4121 - copy regT0 to nonArgGPR1
4122 (JSC::JIT::privateCompilePutByIdTransition):
4123 - DataLabelCompact -> DataLabel32
4124 (JSC::JIT::resetPatchPutById):
4125 - reload regT0 from nonArgGPR1
4126 * jit/JSInterfaceJIT.h:
4130 2012-08-28 Gavin Barraclough <barraclough@apple.com>
4132 <rdar://problem/10293804> TLF: Nitro for 64-bit ARM
4134 Reviewed by Filip Pizlo.
4136 MacroAssemblerARM64 fixes.
4138 * assembler/MacroAssemblerARM64.h:
4139 (JSC::MacroAssemblerARM64::addPtr):
4140 - imm should be treated as signed.
4141 (JSC::MacroAssemblerARM64::addDouble):
4142 (JSC::MacroAssemblerARM64::divDouble):
4143 (JSC::MacroAssemblerARM64::mulDouble):
4144 (JSC::MacroAssemblerARM64::and32):
4145 (JSC::MacroAssemblerARM64::or32):
4146 (JSC::MacroAssemblerARM64::orPtr):
4147 (JSC::MacroAssemblerARM64::xor32):
4148 - 2-op form (src,dest) is equivalent to 3-op (dest,src,dest), not (src,dest,dest)
4149 (these are equivalent for commutative operations, but divide was producing the
4151 (JSC::MacroAssemblerARM64::xorPtr):
4152 - As above, and renamed from xor64 (oops!)
4153 (JSC::MacroAssemblerARM64::loadPtrWithCompactAddressOffsetPatch):
4154 (JSC::MacroAssemblerARM64::load32WithCompactAddressOffsetPatch):
4155 - don't ignore address.offset.
4156 (JSC::MacroAssemblerARM64::branch32):
4157 (JSC::MacroAssemblerARM64::branchPtr):
4158 (JSC::MacroAssemblerARM64::branch8):
4159 (JSC::MacroAssemblerARM64::branchTest32):
4160 (JSC::MacroAssemblerARM64::branchTestPtr):
4161 (JSC::MacroAssemblerARM64::branchMul32):
4162 - for branches comparing to memory, use memoryTempRegister for the memory address
4163 AND operand value, use dataTempRegister only for immediate operands.
4164 (JSC::MacroAssemblerARM64::comparePtr):
4165 - This was accidentally the load.
4166 (JSC::MacroAssemblerARM64::compare8):
4167 - Added missing compare.
4168 (JSC::MacroAssemblerARM64::testPtr):
4169 - Added missing test.
4170 (JSC::MacroAssemblerARM64::breakpoint):
4171 - This now works (fastsim was catching the brks).
4172 (JSC::MacroAssemblerARM64::readCallTarget):
4175 2012-08-28 Gavin Barraclough <barraclough@apple.com>
4177 <rdar://problem/10293804> TLF: Nitro for 64-bit ARM
4179 Reviewed by Filip Pizlo.
4181 Fix trivial bugs in encodeShiftAmount/encodePositiveImmediate/sxtw/uxtw/linkJumpOrCall,
4182 detailed descriptions below.
4184 Add some missing relink/repatch functionality.
4186 * assembler/ARM64Assembler.h:
4187 (JSC::ARM64Assembler::encodeShiftAmount):
4188 (JSC::ARM64Assembler::encodePositiveImmediate):
4189 - Return type should not be bool - results being saturated to 1-bit!
4190 (JSC::ARM64Assembler::sxtw):
4191 (JSC::ARM64Assembler::uxtw):
4192 - template argument to mnemonic should be 64, not DataSize_64.
4193 (JSC::ARM64Assembler::linkPointer):
4194 (JSC::ARM64Assembler::repatchPointer):
4195 (JSC::ARM64Assembler::repatchInt32):
4196 (JSC::ARM64Assembler::readPointer):
4197 (JSC::ARM64Assembler::readCallTarget):
4198 (JSC::ARM64Assembler::relinkJump):
4199 (JSC::ARM64Assembler::relinkCall):
4200 (JSC::ARM64Assembler::repatchCompact):
4201 - Added missing relink/repatch functionality.
4202 (JSC::ARM64Assembler::linkJumpOrCall):
4203 - linkJumpOrCall is ignoring 'link'; always producing a jump.
4204 (JSC::ARM64Assembler::checkMovk):
4205 (JSC::ARM64Assembler::disassembleLoadStoreRegisterUnsignedImmediate):
4206 - Internal helper functions, used by relink/repatch methods.
4208 2012-08-22 David Kilzer <ddkilzer@apple.com>
4210 <rdar://problem/12130658> JavaScriptCore should not use PLATFORM(IOS) for private headers that might be used externally
4212 Reviewed by Gavin Barraclough.
4214 * JavaScriptCore.xcodeproj/project.pbxproj: Add "Scrub Installed
4215 Headers" build phase script that only scrubs APIShims.h and
4216 JSBasePrivate.h, since neither of those were using any WTF
4217 macros prior to the fix for <rdar://problem/12129375> in
4218 puzzlebox svn r1146513.
4219 * scrub-ifdefs.pl: Added. Copied from
4220 Source/WebKit/mac/scrub-ifdefs.pl.
4222 2012-08-20 David Kilzer <ddkilzer@apple.com>
4224 <rdar://problem/12138735> Innsbruck: JavaScript GC threads leak mach ports, which can cause kernel memory exhaustion when repeatedly allocating and deallocating virtual machines
4226 Merge iOS r1146731 from Sundance branch to trunk.
4228 2012-08-20 Mark Hahnenberg <mhahnenberg@apple.com>
4230 <rdar://problem/12126411> JavaScript GC threads leak mach ports, which can cause kernel memory exhaustion when repeatedly allocating and deallocating virtual machines
4232 Reviewed by Gavin Barraclough.
4234 Used the SPI from <rdar://problem/12118189> to also disable the block freeing thread
4235 and to instead eagerly free blocks upon deallocation.
4237 * debugger/Debugger.cpp:
4238 * heap/BlockAllocator.cpp:
4239 (JSC::BlockAllocator::BlockAllocator):
4240 (JSC::BlockAllocator::~BlockAllocator):
4241 * heap/BlockAllocator.h:
4242 (JSC::BlockAllocator::deallocate):
4244 2012-08-18 David Kilzer <ddkilzer@apple.com>
4246 <rdar://problem/12129375> Innsbruck: Add SPI to disable allocation of GC timers (Heap timers leak CFRunLoops and CFRunLoopTimers, which can cause port exhaustion when repeatedly allocating and deallocating virtual machines)
4248 Merge iOS r1146509 from Sundance branch to trunk.
4250 * API/tests/testapi.c: Include config.h.
4252 2012-08-18 Mark Hahnenberg <mhahnenberg@apple.com>
4254 <rdar://problem/12118189> Heap timers leak CFRunLoops and CFRunLoopTimers, which can cause port exhaustion when repeatedly allocating and deallocating virtual machines
4256 Reviewed by Gavin Barraclough.
4258 Added SPI to allow AppleTV to disable allocation of GC timers, thereby reducing the number of
4262 (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
4265 * API/JSBasePrivate.h:
4267 (JSC::Heap::didAbandon):
4268 (JSC::Heap::collect):
4269 (JSC::Heap::didAllocate):
4270 * runtime/GCActivityCallback.h:
4271 (GCActivityCallback):
4272 (JSC::DefaultGCActivityCallback::create):
4273 * runtime/GCActivityCallbackCF.cpp:
4275 * runtime/JSGlobalData.cpp:
4276 (JSC::enableAssembler):
4277 (JSC::JSGlobalData::~JSGlobalData):
4279 2012-08-15 Mark Hahnenberg <mhahnenberg@apple.com>
4281 Merge open source r121607
4283 2012-06-29 Mark Hahnenberg <mhahnenberg@apple.com>
4285 Remove warning about protected values when the Heap is being destroyed
4286 https://bugs.webkit.org/show_bug.cgi?id=90302
4288 Reviewed by Geoffrey Garen.
4290 Having to do book-keeping about whether values allocated from a certain
4291 VM are or are not protected makes the JSC API much more difficult to use
4292 correctly. Clients should be able to throw an entire VM away and not have
4293 to worry about unprotecting all of the values that they protected earlier.
4296 (JSC::Heap::lastChanceToFinalize):
4298 2012-07-25 Filip Pizlo <fpizlo@apple.com>
4300 <rdar://problem/11952210> REGRESSION (r114511): Some Google Docs spreadsheets cannot be scrolled and go blank when switching sheets
4302 Reviewed by Gavin Barraclough.
4304 * dfg/DFGByteCodeParser.cpp:
4305 (JSC::DFG::ByteCodeParser::parseBlock):
4307 2012-07-12 Benjamin Poulain <bpoulain@apple.com>
4309 <rdar://problem/11766228> Disable CSS3 Flexbox for Sundance
4311 * Configurations/FeatureDefines.xcconfig:
4313 2012-07-11 Filip Pizlo <fpizlo@apple.com>
4315 <rdar://problem/11854646> LLInt shouldn't rely on ordering of symbols
4317 Reviewed by Sam Weinig.
4319 The bug was caused by our "optimization" to have looping bytecodes drop
4320 down to jumping bytecodes. This optimization is wrong because the global
4321 LLInt labels may be moved around by the compiler (see Cameron's comment
4322 in the linked-to bug).
4324 With this change, the LLInt code no longer relies on the ordering of
4325 global labels. We still rely on ordering of local labels; but that's
4326 just a matter of basic compiler sanity - without it many other things
4329 * llint/LowLevelInterpreter.asm:
4330 * llint/LowLevelInterpreter32_64.asm:
4332 2012-07-11 Benjamin Poulain <bpoulain@apple.com>
4334 <rdar://problem/11850045> Simplify the copying of JSC ARMv7's LinkRecord (90930)
4335 Merge WebKit OpenSource r122347.
4337 2012-07-11 Benjamin Poulain <bpoulain@apple.com>
4339 Simplify the copying of JSC ARMv7's LinkRecord
4340 https://bugs.webkit.org/show_bug.cgi?id=90930
4342 Reviewed by Filip Pizlo.
4344 The class LinkRecord is used by value everywhere in ARMv7Assembler. The compiler uses
4345 memmove() to move the objects.
4347 The problem is that memmove() is overkill for this object; moving the value can be done with
4348 3 load-stores. This patch adds an operator= to the class doing more efficient copying.
4349 This reduces the link time by 19%.
4351 * assembler/ARMv7Assembler.h:
4352 (JSC::ARMv7Assembler::LinkRecord::LinkRecord):
4353 (JSC::ARMv7Assembler::LinkRecord::operator=):
4354 (JSC::ARMv7Assembler::LinkRecord::from):
4355 (JSC::ARMv7Assembler::LinkRecord::setFrom):
4356 (JSC::ARMv7Assembler::LinkRecord::to):
4357 (JSC::ARMv7Assembler::LinkRecord::type):
4358 (JSC::ARMv7Assembler::LinkRecord::linkType):
4359 (JSC::ARMv7Assembler::LinkRecord::setLinkType):
4360 (JSC::ARMv7Assembler::LinkRecord::condition):
4362 2012-07-10 Gavin Barraclough <barraclough@apple.com>
4364 <rdar://problem/11844717> javascript logging "scheduled GC timer for n seconds" while running scripter
4366 Reviewed by Oliver Hunt.
4368 * runtime/GCActivityCallbackCF.cpp:
4369 (JSC::scheduleTimer):
4370 - remove accidentally landed dataLog
4372 2012-07-07 Mark Hahnenberg <mhahnenberg@apple.com>
4374 <rdar://problem/11231897> NFX: Entering Netflix while a match song is playing caused an AppleTV crash
4378 2012-06-25 Mark Hahnenberg <mhahnenberg@apple.com>
4380 JSLock should be per-JSGlobalData
4381 https://bugs.webkit.org/show_bug.cgi?id=89123
4383 Reviewed by Geoffrey Garen.
4386 (APIEntryShimWithoutLock):
4387 (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to
4388 determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the
4389 HeapTimer class because timerDidFire could run after somebody has started to tear down that particular
4390 JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after
4391 its destruction has begun.
4392 (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
4393 (JSC::APIEntryShim::APIEntryShim):
4395 (JSC::APIEntryShim::~APIEntryShim):
4396 (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
4397 Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
4398 and before we've released it, which can only be done in APIEntryShim.
4399 (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
4400 * API/JSContextRef.cpp:
4401 (JSGlobalContextCreate):
4402 (JSGlobalContextCreateInGroup):
4403 (JSGlobalContextRelease):
4404 (JSContextCreateBacktrace):
4405 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4406 * heap/CopiedSpace.cpp:
4407 (JSC::CopiedSpace::tryAllocateSlowCase):
4409 (JSC::Heap::protect):
4410 (JSC::Heap::unprotect):
4411 (JSC::Heap::collect):
4412 (JSC::Heap::setActivityCallback):
4413 (JSC::Heap::activityCallback):
4414 (JSC::Heap::sweeper):
4415 * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they
4416 are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
4417 and the IncrementalSweeper to make sure they're the last things that get initialized during construction to
4418 prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
4420 * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
4421 (JSC::HeapTimer::~HeapTimer):
4422 (JSC::HeapTimer::invalidate):
4424 (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread
4425 that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the
4426 HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
4427 (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zeroed
4428 out, then we know the VM has started to shut down and we should kill ourselves. Otherwise, grab the APIEntryShim,
4429 but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case
4430 we were interrupted between releasing our mutex and trying to grab the APILock.
4433 * heap/IncrementalSweeper.cpp:
4434 (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles
4436 (JSC::IncrementalSweeper::create):
4437 * heap/IncrementalSweeper.h:
4438 (IncrementalSweeper):
4439 * heap/MarkedAllocator.cpp:
4440 (JSC::MarkedAllocator::allocateSlowCase):
4441 * heap/WeakBlock.cpp:
4442 (JSC::WeakBlock::reap):
4445 (functionReleaseExecutableMemory):
4447 * runtime/Completion.cpp:
4450 * runtime/GCActivityCallback.h:
4451 (DefaultGCActivityCallback):
4452 (JSC::DefaultGCActivityCallback::create):
4453 * runtime/JSGlobalData.cpp:
4454 (JSC::JSGlobalData::JSGlobalData):
4455 (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
4456 that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity
4457 it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the
4458 APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
4459 (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
4460 (JSC::JSGlobalData::sharedInstanceInternal):
4461 * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and
4462 de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
4464 (JSC::JSGlobalData::apiLock):
4465 * runtime/JSGlobalObject.cpp:
4466 (JSC::JSGlobalObject::~JSGlobalObject):
4467 (JSC::JSGlobalObject::init):
4468 * runtime/JSLock.cpp:
4470 (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
4471 (JSC::GlobalJSLock::~GlobalJSLock):
4472 (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that
4473 it can successfully unlock it later without it disappearing from underneath it.
4474 (JSC::JSLockHolder::~JSLockHolder):
4475 (JSC::JSLock::JSLock):
4476 (JSC::JSLock::~JSLock):
4477 (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for
4478 actually waiting for long periods.
4479 (JSC::JSLock::unlock):
4480 (JSC::JSLock::currentThreadIsHoldingLock):
4481 (JSC::JSLock::dropAllLocks):
4482 (JSC::JSLock::dropAllLocksUnconditionally):
4483 (JSC::JSLock::grabAllLocks):
4484 (JSC::JSLock::DropAllLocks::DropAllLocks):
4485 (JSC::JSLock::DropAllLocks::~DropAllLocks):
4492 * runtime/WeakGCMap.h:
4493 (JSC::WeakGCMap::set):
4497 2012-07-05 Mark Hahnenberg <mhahnenberg@apple.com>
4501 Caused a variety of issues, including deadlocks and animation performance degradation.
4503 2012-07-03 Mark Hahnenberg <mhahnenberg@apple.com>
4505 <rdar://problem/11231897> NFX: Entering Netflix while a match song is playing caused an AppleTV crash
4509 2012-06-25 Mark Hahnenberg <mhahnenberg@apple.com>
4511 JSLock should be per-JSGlobalData
4512 https://bugs.webkit.org/show_bug.cgi?id=89123
4514 Reviewed by Geoffrey Garen.
4517 (APIEntryShimWithoutLock):
4518 (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Added an extra parameter to the constructor to
4519 determine whether we should ref the JSGlobalData or not. We want to ref all the time except for in the
4520 HeapTimer class because timerDidFire could run after somebody has started to tear down that particular
4521 JSGlobalData, so we wouldn't want to resurrect the ref count of that JSGlobalData from 0 back to 1 after
4522 its destruction has begun.
4523 (JSC::APIEntryShimWithoutLock::~APIEntryShimWithoutLock):
4524 (JSC::APIEntryShim::APIEntryShim):
4526 (JSC::APIEntryShim::~APIEntryShim):
4527 (JSC::APIEntryShim::init): Factored out common initialization code for the various APIEntryShim constructors.
4528 Also moved the timeoutChecker stop and start here because we need to start after we've grabbed the API lock
4529 and before we've released it, which can only be done in APIEntryShim.
4530 (JSC::APICallbackShim::~APICallbackShim): We no longer need to synchronize here.
4531 * API/JSContextRef.cpp:
4532 (JSGlobalContextCreate):
4533 (JSGlobalContextCreateInGroup):
4534 (JSGlobalContextRelease):
4535 (JSContextCreateBacktrace):
4536 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4537 * heap/CopiedSpace.cpp:
4538 (JSC::CopiedSpace::tryAllocateSlowCase):
4540 (JSC::Heap::protect):
4541 (JSC::Heap::unprotect):
4542 (JSC::Heap::collect):
4543 (JSC::Heap::setActivityCallback):
4544 (JSC::Heap::activityCallback):
4545 (JSC::Heap::sweeper):
4546 * heap/Heap.h: Changed m_activityCallback and m_sweeper to be raw pointers rather than OwnPtrs because they
4547 are now responsible for their own lifetime. Also changed the order of declaration of the GCActivityCallback
4548 and the IncrementalSweeper to make sure they're the last things that get initialized during construction to
4549 prevent any issues with uninitialized memory in the JSGlobalData/Heap they might care about.
4551 * heap/HeapTimer.cpp: Refactored to allow for thread-safe operation and shutdown.
4552 (JSC::HeapTimer::~HeapTimer):
4553 (JSC::HeapTimer::invalidate):
4555 (JSC::HeapTimer::didStartVMShutdown): Called at the beginning of ~JSGlobalData. If we're on the same thread
4556 that the HeapTimer is running on, we kill the HeapTimer ourselves. If not, then we set some state in the
4557 HeapTimer and schedule it to fire immediately so that it can notice and kill itself.
4558 (JSC::HeapTimer::timerDidFire): We grab our mutex and check our JSGlobalData pointer. If it has been zeroed
4559 out, then we know the VM has started to shut down and we should kill ourselves. Otherwise, grab the APIEntryShim,
4560 but without ref-ing the JSGlobalData (we don't want to bring the JSGlobalData's ref-count from 0 to 1) in case
4561 we were interrupted between releasing our mutex and trying to grab the APILock.
4564 * heap/IncrementalSweeper.cpp:
4565 (JSC::IncrementalSweeper::doWork): We no longer need the API shim here since HeapTimer::timerDidFire handles
4567 (JSC::IncrementalSweeper::create):
4568 * heap/IncrementalSweeper.h:
4569 (IncrementalSweeper):
4570 * heap/MarkedAllocator.cpp:
4571 (JSC::MarkedAllocator::allocateSlowCase):
4572 * heap/WeakBlock.cpp:
4573 (JSC::WeakBlock::reap):
4576 (functionReleaseExecutableMemory):
4578 * runtime/Completion.cpp:
4581 * runtime/GCActivityCallback.h:
4582 (DefaultGCActivityCallback):
4583 (JSC::DefaultGCActivityCallback::create):
4584 * runtime/JSGlobalData.cpp:
4585 (JSC::JSGlobalData::JSGlobalData):
4586 (JSC::JSGlobalData::~JSGlobalData): Signals to the two HeapTimers (GCActivityCallback and IncrementalSweeper)
4587 that the VM has started shutting down. It then waits until the HeapTimer is done with whatever activity
4588 it needs to do before continuing with any further destruction. Also asserts that we do not currently hold the
4589 APILock because this could potentially cause deadlock when we try to signal to the HeapTimers using their mutexes.
4590 (JSC::JSGlobalData::sharedInstance): Protect the initialization for the shared instance with the GlobalJSLock.
4591 (JSC::JSGlobalData::sharedInstanceInternal):
4592 * runtime/JSGlobalData.h: Change to be ThreadSafeRefCounted so that we don't have to worry about refing and
4593 de-refing JSGlobalDatas on separate threads since we don't do it that often anyways.
4595 (JSC::JSGlobalData::apiLock):
4596 * runtime/JSGlobalObject.cpp:
4597 (JSC::JSGlobalObject::~JSGlobalObject):
4598 (JSC::JSGlobalObject::init):
4599 * runtime/JSLock.cpp:
4601 (JSC::GlobalJSLock::GlobalJSLock): For accessing the shared instance.
4602 (JSC::GlobalJSLock::~GlobalJSLock):
4603 (JSC::JSLockHolder::JSLockHolder): MutexLocker for JSLock. Also refs the JSGlobalData to keep it alive so that
4604 it can successfully unlock it later without it disappearing from underneath it.
4605 (JSC::JSLockHolder::~JSLockHolder):
4606 (JSC::JSLock::JSLock):
4607 (JSC::JSLock::~JSLock):
4608 (JSC::JSLock::lock): Uses the spin lock for guarding the lock count and owner thread fields. Uses the mutex for
4609 actually waiting for long periods.
4610 (JSC::JSLock::unlock):
4611 (JSC::JSLock::currentThreadIsHoldingLock):
4612 (JSC::JSLock::dropAllLocks):
4613 (JSC::JSLock::dropAllLocksUnconditionally):
4614 (JSC::JSLock::grabAllLocks):
4615 (JSC::JSLock::DropAllLocks::DropAllLocks):
4616 (JSC::JSLock::DropAllLocks::~DropAllLocks):
4623 * runtime/WeakGCMap.h:
4624 (JSC::WeakGCMap::set):
4628 2012-06-28 Oliver Hunt <oliver@apple.com>
4630 <rdar://problem/11699761> REGRESSION: Web thread hangs beneath XHR ready state change handler @ *.blogspot.com (JIT only)
4634 2012-06-28 Oliver Hunt <oliver@apple.com>
4636 32bit DFG incorrectly claims an fpr is fillable even if it has not been proven double
4637 https://bugs.webkit.org/show_bug.cgi?id=90127
4639 Reviewed by Filip Pizlo.
4641 The 32-bit version of fillSpeculateDouble doesn't handle Number->fpr loads
4642 correctly. This patch fixes this by killing the fill info in the GenerationInfo
4643 when the spillFormat doesn't guarantee the value is a double.
4645 * dfg/DFGSpeculativeJIT32_64.cpp:
4646 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
4648 2012-06-27 Benjamin Poulain <bpoulain@apple.com>
4650 Add back CSS Flexbox temporarily
4653 * Configurations/FeatureDefines.xcconfig:
4655 2012-06-06 Mark Rowe <mrowe@apple.com>
4659 2012-05-30 Oliver Hunt <oliver@apple.com>
4661 Really provide error information with the inspector disabled
4662 https://bugs.webkit.org/show_bug.cgi?id=87910
4664 Reviewed by Filip Pizlo.
4666 Don't bother checking for anything other than pre-existing error info.
4667 In the absence of complete line number information you'll only get the
4668 line a function starts on, but at least it's something.
4670 * interpreter/Interpreter.cpp:
4671 (JSC::Interpreter::throwException):
4673 2012-06-06 Mark Rowe <mrowe@apple.com>
4677 2012-05-30 Filip Pizlo <fpizlo@apple.com>
4679 LLInt broken on x86-32 with JIT turned off
4680 https://bugs.webkit.org/show_bug.cgi?id=87906
4682 Reviewed by Geoffrey Garen.
4684 Fixed the code to not clobber registers that contain important things, like the call frame.
4686 * llint/LowLevelInterpreter32_64.asm:
4688 2012-05-31 Tim Horton <timothy_horton@apple.com>
4690 Add feature defines for web-facing parts of CSS Regions and Exclusions
4691 https://bugs.webkit.org/show_bug.cgi?id=87442
4692 <rdar://problem/10887709>
4694 Reviewed by Dan Bernstein.
4696 * Configurations/FeatureDefines.xcconfig:
4698 2012-05-30 Lucas Forschler <lforschler@apple.com>
4702 2012-05-30 Oliver Hunt <oliver@apple.com>
4704 DFG does not correctly handle exceptions caught in the LLInt
4705 https://bugs.webkit.org/show_bug.cgi?id=87885
4707 Reviewed by Filip Pizlo.
4709 Make the DFG use genericThrow, rather than reimplementing a small portion of it.
4710 Also make the LLInt slow paths validate that their PC is correct.
4712 * dfg/DFGOperations.cpp:
4713 * llint/LLIntSlowPaths.cpp:
4716 2012-05-30 Lucas Forschler <lforschler@apple.com>
4720 2012-05-29 Mark Hahnenberg <mhahnenberg@apple.com>
4722 CopiedSpace::doneCopying could start another collection
4723 https://bugs.webkit.org/show_bug.cgi?id=86538
4725 Reviewed by Geoffrey Garen.
4727 It's possible that if we don't have anything at the head of to-space
4728 after a collection and the BlockAllocator doesn't have any fresh blocks
4729 to give us right now we could start another collection while still in
4730 the middle of the first collection when we call CopiedSpace::addNewBlock().
4732 One way to resolve this would be to have Heap::shouldCollect() check that
4733 m_operationInProgress is NoOperation. This would prevent the path in
4734 getFreshBlock() that starts the collection if we're already in the middle of one.
4736 I could not come up with a test case to reproduce this crash on ToT.
4739 (JSC::Heap::shouldCollect): We shouldn't collect if we're already in the middle
4740 of a collection, i.e. the current operation should be NoOperation.
4742 2012-05-30 Lucas Forschler <lforschler@apple.com>
4744 Merge <rdar://problem/11519288>
4746 2012-05-21 Lucas Forschler <lforschler@apple.com>
4750 2012-05-17 Filip Pizlo <fpizlo@apple.com>
4752 Setting array index -1 and looping over array causes bad behavior
4753 https://bugs.webkit.org/show_bug.cgi?id=86733
4754 <rdar://problem/11477670>
4756 Reviewed by Oliver Hunt.
4758 * dfg/DFGOperations.cpp:
4760 2012-05-21 Lucas Forschler <lforschler@apple.com>
4764 2012-05-15 Oliver Hunt <oliver@apple.com>
4766 Make error information available even if all we have is line number information.
4767 https://bugs.webkit.org/show_bug.cgi?id=86547
4769 Reviewed by Filip Pizlo.
4771 We don't need expression information to generate useful line, file, and stack information,
4772 so only require that we have line number info available.
4774 * interpreter/Interpreter.cpp:
4775 (JSC::Interpreter::throwException):
4776 * runtime/Executable.h:
4779 2012-05-21 Lucas Forschler <lforschler@apple.com>
4783 2012-05-15 Mark Hahnenberg <mhahnenberg@apple.com>
4785 Block freeing thread should not free blocks when we are actively requesting them
4786 https://bugs.webkit.org/show_bug.cgi?id=86519
4788 Reviewed by Geoff Garen.
4790 * heap/BlockAllocator.h:
4791 (JSC::BlockAllocator::allocate): Reordering the setting of the flag so it's done
4792 while we hold the lock to ensure proper locking.
4794 2012-05-21 Lucas Forschler <lforschler@apple.com>
4798 2012-05-15 Mark Hahnenberg <mhahnenberg@apple.com>
4800 Block freeing thread should not free blocks when we are actively requesting them
4801 https://bugs.webkit.org/show_bug.cgi?id=86519
4803 Reviewed by Geoffrey Garen.
4805 The block freeing thread shoots us in the foot if it decides to run while we're actively
4806 requesting blocks and returning them. This situation can arise when there is a lot of copying
4807 collection going on in steady state. We allocate a large swath of pages to copy into, then we
4808 return all the newly free old pages to the BlockAllocator. In this state, if the block freeing
4809 thread wakes up in between collections (which is more likely than it waking up during a
4810 collection) and frees half of these pages, they will be needed almost immediately during the
4811 next collection, causing a storm of VM allocations which we know are going to be very slow.
4813 What we'd like is for the block freeing thread to return memory to the OS once things have
4814 quieted down. Usually this will be when a page has fully loaded and has a low allocation
4815 rate. In this situation, our opportunistic collections will only be running at least every few
4816 seconds, thus the extra time spent doing VM allocations won't matter nearly as much as, say,
4817 while a page is loading.
4819 * heap/BlockAllocator.cpp:
4820 (JSC::BlockAllocator::BlockAllocator): Initialize our new field.
4821 (JSC::BlockAllocator::blockFreeingThreadMain): We check if we've seen any block requests recently.
4822 If so, reset our flag and go back to sleep. We also don't bother with locking here. If we miss out
4823 on an update, we'll see it when we wake up again.
4824 * heap/BlockAllocator.h: Add new field to track whether or not we've received recent block requests.
4826 (JSC::BlockAllocator::allocate): If we receive a request for a block, set our field that tracks
4827 that to true. We don't bother locking since we assume that writing to a bool is atomic.
4829 2012-06-10 David Kilzer <ddkilzer@apple.com>
4831 <rdar://problem/11634375> Debug code in JSC::Heap::getConservativeRegisterRoots() doesn't match ToT WebKit
4833 Reviewed by David Carson.
4835 The JSC::Heap::getConservativeRegisterRoots() method was added
4836 in ToT WebKit r89885 and its assertion has never changed on ToT.
4837 The current iOS code was added in iOS WebKit r1047630 for
4838 Telluride because isValidThreadState() wasn't merged back to iOS
4841 This change reverts iOS WebKit r1047630.
4844 (JSC::Heap::getConservativeRegisterRoots): Replace temporary
4845 debug code merged for Telluride with assertion from ToT WebKit.
4847 2012-06-07 Gavin Barraclough <barraclough@apple.com>
4849 <rdar://problem/11621272> Math.pow is inaccurate on iOS
4851 Merged ToT WebKit r119775
4853 2012-06-07 Gavin Barraclough <barraclough@apple.com>
4855 Math.pow on iOS does not support denormal numbers.
4856 https://bugs.webkit.org/show_bug.cgi?id=88592
4858 Reviewed by Filip Pizlo.
4860 Import an implementation from fdlibm, detect cases where it is safe to use the system
4861 implementation & where we should fall back to fdlibm.
4863 * runtime/MathObject.cpp:
4867 - On iOS, detect cases where denormal support may be required & use fdlibm in these cases.
4868 (JSC::mathProtoFuncPow):
4869 - Changed to use mathPow.
4870 (JSC::fdlibmScalbn):
4872 - These functions imported from fdlibm; original style retained to ease future merging.
4874 2012-06-06 Gavin Barraclough <barraclough@apple.com>
4876 <rdar://problem/11340413> Iteration order of properties of global object is not stable between global/eval code.
4878 Merged ToT WebKit r119623
4880 2012-06-06 Gavin Barraclough <barraclough@apple.com>
4882 Assigning to a static property should not change iteration order
4883 https://bugs.webkit.org/show_bug.cgi?id=88401
4885 Reviewed by Geoff Garen.
4887 A specific iteration order is not defined by the spec, but test-262 somewhat tenuously
4888 requires that it is at least stable, e.g. ch10/10.4/10.4.2/S10.4.2_A1.1_T1.js
4890 Whilst it is not clear that this behavior really arises from the specification, it
4891 would seem like common sense to conform to this.
4893 The problem here is that we allow properties in the structure to shadow those in the
4894 static table, and we iterate the properties in the structure first - which means that
4895 as values of existing properties are modified, their iteration order changes too.
4897 The easy fix is to iterate the properties from the static table first. This has a
4898 further benefit, since it will mean that user added properties will come after those
4899 present in the static table (respecting the expected insertion-order).
4901 * runtime/JSObject.cpp:
4902 (JSC::JSObject::getOwnPropertyNames):
4903 - Iterate static properties first.
4905 2012-06-06 Michael Saboff <msaboff@apple.com>
4907 <rdar://problem/11607363> Merge: JSGlobalData ScratchBuffers Are Not Visited During Garbage Collection
4909 Merge r117729, r117860 and r118239 from OpenSource WebKit.
4911 2012-05-20 Michael Saboff <msaboff@apple.com>
4913 JSGlobalData ScratchBuffers Are Not Visited During Garbage Collection
4914 https://bugs.webkit.org/show_bug.cgi?id=86553
4916 Reviewed by Gavin Barraclough.
4918 Scratch buffers can contain the only reference to live objects.
4919 Therefore visit scratch buffer contents as conservative roots.
4920 Changed the scratch buffers to be a struct with an "active"
4921 length and the actual buffer. The users of the scratch
4922 buffer emit code where needed to set and clear the active
4923 length as appropriate. During marking, the active count is
4924 used for conservative marking.
4926 * dfg/DFGAssemblyHelpers.h:
4927 (JSC::DFG::AssemblyHelpers::debugCall):
4928 * dfg/DFGOSRExitCompiler32_64.cpp:
4929 (JSC::DFG::OSRExitCompiler::compileExit):
4930 * dfg/DFGOSRExitCompiler64.cpp:
4931 (JSC::DFG::OSRExitCompiler::compileExit):
4932 * dfg/DFGOperations.cpp:
4933 * dfg/DFGOperations.h:
4934 * dfg/DFGSpeculativeJIT32_64.cpp:
4935 (JSC::DFG::SpeculativeJIT::compile):
4936 * dfg/DFGSpeculativeJIT64.cpp:
4937 (JSC::DFG::SpeculativeJIT::compile):
4938 * dfg/DFGThunks.cpp:
4939 (JSC::DFG::osrExitGenerationThunkGenerator):
4941 (JSC::Heap::markRoots):
4942 * runtime/JSGlobalData.cpp:
4943 (JSC::JSGlobalData::gatherConservativeRoots):
4944 * runtime/JSGlobalData.h:
4945 (JSC::ScratchBuffer::ScratchBuffer):
4947 (JSC::ScratchBuffer::allocationSize):
4948 (JSC::ScratchBuffer::setActiveLength):
4949 (JSC::ScratchBuffer::activeLength):
4950 (JSC::ScratchBuffer::activeLengthPtr):
4951 (JSC::ScratchBuffer::dataBuffer):
4953 (JSC::JSGlobalData::scratchBufferForSize):
4955 2012-05-21 Michael Saboff <msaboff@apple.com>
4957 Cleanup of Calls to operationStrCat and operationNewArray and Use Constructor after r117729
4958 https://bugs.webkit.org/show_bug.cgi?id=87027
4960 Reviewed by Oliver Hunt.
4962 Change calls to operationStrCat and operationNewArray to provide the
4963 pointer to the EncodedJSValue* data buffer instead of the ScratchBuffer
4964 that contains it. Added a ScratchBuffer::create() function.
4965 This is a clean-up to r117729.
4967 * dfg/DFGOperations.cpp:
4968 * dfg/DFGSpeculativeJIT32_64.cpp:
4969 (JSC::DFG::SpeculativeJIT::compile):
4970 * dfg/DFGSpeculativeJIT64.cpp:
4971 (JSC::DFG::SpeculativeJIT::compile):
4972 * runtime/JSGlobalData.h:
4973 (JSC::ScratchBuffer::create):
4974 (JSC::ScratchBuffer::dataBuffer):
4975 (JSC::JSGlobalData::scratchBufferForSize):
4977 2012-05-23 Filip Pizlo <fpizlo@apple.com>
4979 Every OSR exit on ARM results in a crash
4980 https://bugs.webkit.org/show_bug.cgi?id=87307
4982 Reviewed by Geoffrey Garen.
4984 * dfg/DFGThunks.cpp:
4985 (JSC::DFG::osrExitGenerationThunkGenerator):
4987 2012-06-06 Mark Lam <mark.lam@apple.com>
4989 <rdar://problem/11578367> ASSERTION FAILED: key->isIdentifier() under operationGetByIdOptimizeWithReturnAddress @ my.yahoo.com
4991 Merge http://trac.webkit.org/changeset/118257
4993 2012-05-23 Filip Pizlo <fpizlo@apple.com>
4995 It should be possible to make C function calls from DFG code on ARM in debug mode
4996 https://bugs.webkit.org/show_bug.cgi?id=87313
4998 Reviewed by Gavin Barraclough.
5000 * dfg/DFGSpeculativeJIT.h:
5003 2012-06-05 Michael Saboff <msaboff@apple.com>
5005 <rdar://problem/11600087> MERGE: Entry into JSC should CRASH() if the Heap is busy
5007 Merge r119518 from OpenSource WebKit.
5009 2012-06-05 Mark Hahnenberg <mhahnenberg@apple.com>
5011 Entry into JSC should CRASH() if the Heap is busy
5012 https://bugs.webkit.org/show_bug.cgi?id=88355
5014 Reviewed by Geoffrey Garen.
5016 Interpreter::execute() returns jsNull() right now if we try to enter it while
5017 the Heap is busy (e.g. with a collection), which is okay, but some code paths
5018 that call Interpreter::execute() allocate objects before checking if the Heap
5019 is busy. Attempting to execute JS code while the Heap is busy should not be
5020 allowed and should be enforced by a release-mode CRASH() to prevent vague,
5021 unhelpful backtraces later on if somebody makes a mistake. Normally, recursively
5022 executing JS code is okay, e.g. for evals, but it should not occur during a
5023 Heap allocation or collection because the Heap is not guaranteed to be in a
5024 consistent state (especially during collections). We are protected from
5025 executing JS on the same Heap concurrently on two separate threads because
5026 they must each take a JSLock first. However, we are not protected from reentrant
5027 execution of JS on the same thread because JSLock allows reentrancy. Therefore,
5028 we should fail early if we detect an entrance into JS code while the Heap is busy.
5030 * heap/Heap.cpp: Changed Heap::collect so that it sets the m_operationInProgress field
5031 at the beginning of collection and then unsets it at the end so that it is set at all
5032 times throughout the duration of a collection rather than sporadically during various
5033 phases. There is no reason to unset during a collection because our collector does
5034 not currently support running additional JS between the phases of a collection.
5035 (JSC::Heap::getConservativeRegisterRoots):
5036 (JSC::Heap::markRoots):
5037 (JSC::Heap::collect):
5038 * interpreter/Interpreter.cpp:
5039 (JSC::Interpreter::execute): Crash if the Heap is busy.
5040 * runtime/Completion.cpp: Crash if the Heap is busy. We do it here before we call
5041 Interpreter::execute() because we do some allocation prior to calling execute() which
5042 could cause Heap corruption if, for example, that allocation caused a collection.
5045 2012-06-03 Gavin Barraclough <barraclough@apple.com>
5047 <rdar://problem/11585758> Complete MacroAssemblerARM64
5049 Reviewed by Filip Pizlo.
5051 The new MacroAssembler is currently missing some support for features not required by the
5052 Yarr JIT. This patch implements all the features stubbed out in the initial implementation,
5053 specifically floating point, compare/test, memory accesses -WithMemoryOffsetPatch, and Call
5056 * assembler/ARM64Assembler.h:
5057 (JSC::ARM64Assembler::linkPointer):
5058 - Now implemented in terms of repatchPointer.
5059 (JSC::ARM64Assembler::repatchPointer):
5060 - Added, called by ARM64Assembler::repatchCall.
5061 * assembler/MacroAssemblerARM64.h:
5062 (JSC::MacroAssemblerARM64::loadPtr):
5063 (JSC::MacroAssemblerARM64::load32):
5064 (JSC::MacroAssemblerARM64::load16):
5065 (JSC::MacroAssemblerARM64::load16Signed):
5066 (JSC::MacroAssemblerARM64::load8):
5067 (JSC::MacroAssemblerARM64::load8Signed):
5068 (JSC::MacroAssemblerARM64::storePtr):
5069 (JSC::MacroAssemblerARM64::store32):
5070 (JSC::MacroAssemblerARM64::store16):
5071 (JSC::MacroAssemblerARM64::store8):
5072 - Replace some nasty casting & move() with signExtend32ToPtr().
5073 (JSC::MacroAssemblerARM64::loadPtrWithAddressOffsetPatch):
5074 (JSC::MacroAssemblerARM64::loadPtrWithCompactAddressOffsetPatch):
5075 (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
5076 (JSC::MacroAssemblerARM64::load32WithCompactAddressOffsetPatch):
5077 (JSC::MacroAssemblerARM64::storePtrWithAddressOffsetPatch):
5078 (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
5079 - Implemented, using new signExtend32ToPtrWithFixedWidth method.
5080 (JSC::MacroAssemblerARM64::absDouble):
5081 (JSC::MacroAssemblerARM64::addDouble):
5082 (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
5083 (JSC::MacroAssemblerARM64::branchDouble):
5084 (JSC::MacroAssemblerARM64::branchDoubleNonZero):
5085 (JSC::MacroAssemblerARM64::branchDoubleZeroOrNaN):
5086 (JSC::MacroAssemblerARM64::branchTruncateDoubleToInt32):
5087 (JSC::MacroAssemblerARM64::branchTruncateDoubleToUint32):
5088 (JSC::MacroAssemblerARM64::convertDoubleToFloat):
5089 (JSC::MacroAssemblerARM64::convertFloatToDouble):
5090 (JSC::MacroAssemblerARM64::convertInt32ToDouble):
5091 (JSC::MacroAssemblerARM64::divDouble):
5092 (JSC::MacroAssemblerARM64::loadDouble):
5093 (JSC::MacroAssemblerARM64::loadFloat):
5094 (JSC::MacroAssemblerARM64::moveDouble):
5095 (JSC::MacroAssemblerARM64::moveDoubleToPtr):
5096 (JSC::MacroAssemblerARM64::movePtrToDouble):
5097 (JSC::MacroAssemblerARM64::mulDouble):
5098 (JSC::MacroAssemblerARM64::negateDouble):
5099 (JSC::MacroAssemblerARM64::sqrtDouble):
5100 (JSC::MacroAssemblerARM64::storeDouble):
5101 (JSC::MacroAssemblerARM64::storeFloat):
5102 (JSC::MacroAssemblerARM64::subDouble):
5103 (JSC::MacroAssemblerARM64::truncateDoubleToInt32):
5104 (JSC::MacroAssemblerARM64::truncateDoubleToUint32):
5105 - Implemented floating point operations.
5106 (JSC::MacroAssemblerARM64::compare32):
5107 (JSC::MacroAssemblerARM64::comparePtr):
5108 (JSC::MacroAssemblerARM64::test32):
5109 (JSC::MacroAssemblerARM64::test8):
5110 - Implemented compare/test operations.
5111 (JSC::MacroAssemblerARM64::signExtend32ToPtrWithFixedWidth):
5112 - Used to implement WithAddressOffsetPatch memory accesses.
5113 (JSC::MacroAssemblerARM64::repatchCall):
5114 - Implemented using new repatchPointer methods.
5116 2012-05-30 Oliver Hunt <oliver@apple.com>
5118 <rdar://problem/11569194> MERGE: CrashTracer: 270 crashes in WebProcess at com.apple.JavaScriptCore: llint_op_jfalse + 69
5120 Merged ToT WebKit r118956
5122 2012-05-30 Oliver Hunt <oliver@apple.com>
5124 DFG does not correctly handle exceptions caught in the LLInt
5125 https://bugs.webkit.org/show_bug.cgi?id=87885
5127 Reviewed by Filip Pizlo.
5129 Make the DFG use genericThrow, rather than reimplementing a small portion of it.
5130 Also make the LLInt slow paths validate that their PC is correct.
5132 * dfg/DFGOperations.cpp:
5133 * llint/LLIntSlowPaths.cpp:
5136 2012-05-30 Oliver Hunt <oliver@apple.com>
5138 <rdar://problem/11561506> ScriptDebugServer wants sourceIDs that are non-zero because that's what HashMaps want, so JSC should placate it (87887)
5140 Merged ToT WebKit r118960 and r118966
5142 2012-05-30 Filip Pizlo <fpizlo@apple.com>
5144 ScriptDebugServer wants sourceIDs that are non-zero because that's what HashMaps want, so JSC should placate it
5145 https://bugs.webkit.org/show_bug.cgi?id=87887
5147 Reviewed by Darin Adler.
5149 Better fix - we now never call SourceProvider::asID() if SourceProvider* is 0.
5152 (JSC::ScopeNode::sourceID):
5153 * parser/SourceCode.h:
5154 (JSC::SourceCode::providerID):
5156 * parser/SourceProvider.h:
5158 (JSC::SourceProvider::asID):
5159 * runtime/Executable.h:
5160 (JSC::ScriptExecutable::sourceID):
5162 2012-05-30 Filip Pizlo <fpizlo@apple.com>
5164 ScriptDebugServer wants sourceIDs that are non-zero because that's what HashMaps want, so JSC should placate it
5165 https://bugs.webkit.org/show_bug.cgi?id=87887
5167 Reviewed by Geoffrey Garen.
5169 * parser/SourceProvider.h:
5170 (JSC::SourceProvider::asID):
5172 2012-05-30 Oliver Hunt <oliver@apple.com>
5174 <rdar://problem/11524413> MERGE: MailCompositionService CRASH()'d once in JavaScriptCore: JSC::Heap::markRoots
5176 Merged ToT WebKit r118810.
5178 2012-05-29 Mark Hahnenberg <mhahnenberg@apple.com>
5180 CopiedSpace::doneCopying could start another collection
5181 https://bugs.webkit.org/show_bug.cgi?id=86538
5183 Reviewed by Geoffrey Garen.
5185 It's possible that if we don't have anything at the head of to-space
5186 after a collection and the BlockAllocator doesn't have any fresh blocks
5187 to give us right now we could start another collection while still in
5188 the middle of the first collection when we call CopiedSpace::addNewBlock().
5190 One way to resolve this would be to have Heap::shouldCollect() check that
5191 m_operationInProgress is NoOperation. This would prevent the path in
5192 getFreshBlock() that starts the collection if we're already in the middle of one.
5194 I could not come up with a test case to reproduce this crash on ToT.
5197 (JSC::Heap::shouldCollect): We shouldn't collect if we're already in the middle
5198 of a collection, i.e. the current operation should be NoOperation.
5200 2012-05-30 David Kilzer <ddkilzer@apple.com>
5202 <rdar://problem/11561724> iOS: LLInt broken on x86-32 with JIT turned off (87906)
5204 Merged ToT WebKit r118992.
5206 2012-05-30 Filip Pizlo <fpizlo@apple.com>
5208 LLInt broken on x86-32 with JIT turned off
5209 https://bugs.webkit.org/show_bug.cgi?id=87906
5211 Reviewed by Geoffrey Garen.
5213 Fixed the code to not clobber registers that contain important things, like the call frame.
5215 * llint/LowLevelInterpreter32_64.asm:
5217 2012-05-27 Gavin Barraclough <barraclough@apple.com>
5219 <rdar://problem/11543239> Complete ARM64Assembler
5221 Reviewed by Oliver Hunt & Filip Pizlo.
5223 Primarily this patch adds support for the ARMv8 floating point instruction set.
5224 In addition, there were a few integer instructions that were missing, and that
5225 we'll likely want: hlt (this is useful as an I'm-really-not-kidding breakpoint,
5226 since the userspace debugger takes a casual disinterest in brk instructions),
5227 ldr/ldrsw literal (PC relative), conditional compare & select instructions, and
5228 logical operations with immediate operands (which includes the movi alias).
5230 Also, there were a couple of bits of cleanup that were necessitated by this
5231 patch. The marshalling of parameters for load/store formatters was a bit of a
5232 mess (lots of meaningless magic numbers), I've added a MemOpSize enum & some
5233 helper macros & functions to clean this up, as a part of which the macro 'SF'
5234 has been renamed to the still terse but slightly more descriptive 'DATASIZE'.
5236 Finally, it made sense to rename the floating point registers to better match
5237 the naming used for the integer registers. In ARMv8 the integer registers are
5238 referred to as Wn or Xn for 32-bit or 64-bit respectively, or Rn to refer to a
5239 general purpose register without indicating a size. The floating point / SIMD
5240 registers are referred to as Bn, Hn, Sn, Dn, and Qn when indicating a size, or
5241 Vn more abstractly. We were using the naming scheme of labeling the general
5242 purpose registers as x0..x30 and the floating point registers as v0..v31,
5243 which mixes use of the largest concrete register size with the abstract name.
5244 I've sided with using the largest concrete register size (hence q0..q31)
5245 since the names rN, vN seem generic and ambiguous within the compiler as a
5246 whole, whereas xN, qN seem a little more distinctive and easily identifiable.
5248 * assembler/ARM64Assembler.h:
5252 (JSC::UInt5::UInt5):
5253 (JSC::UInt5::operator int):
5254 - Added, used by ccmn/ccmp.
5256 (JSC::LogicalImmediate::create32):
5257 (JSC::LogicalImmediate::create64):
5258 (JSC::LogicalImmediate::value):
5259 (JSC::LogicalImmediate::isValid):
5260 (JSC::LogicalImmediate::is64bit):
5261 (JSC::LogicalImmediate::LogicalImmediate):
5262 (JSC::LogicalImmediate::mask):
5263 (JSC::LogicalImmediate::partialHSB):
5264 (JSC::LogicalImmediate::highestSetBit):
5265 (JSC::LogicalImmediate::findBitRange):
5266 (JSC::LogicalImmediate::encodeLogicalImmediate):
5267 - Type used to identify values that can be encoded as logical immediates,
5268 and to encode them appropriately.
5269 (JSC::ARM64Assembler::invert):
5270 - Moved from MacroAssemblerARM64; used by some alias mnemonics.
5272 (JSC::ARM64Assembler::canEncodeFPImm):
5273 (JSC::ARM64Assembler::encodeFPImm):
5274 - Methods used to identify values that can be encoded as floating-point,
5275 immediates and to encode them appropriately.
5276 (JSC::ARM64Assembler::encodeShiftAmount):
5277 (JSC::ARM64Assembler::encodePositiveImmediate):
5278 - Methods to assist in formatting of load/store instructions.
5279 (JSC::ARM64Assembler::adc):
5280 (JSC::ARM64Assembler::add):
5281 (JSC::ARM64Assembler::and_):
5282 (JSC::ARM64Assembler::asrv):
5283 (JSC::ARM64Assembler::bfm):
5284 (JSC::ARM64Assembler::bic):
5285 (JSC::ARM64Assembler::cbnz):
5286 (JSC::ARM64Assembler::cbz):
5287 (JSC::ARM64Assembler::ccmn):
5288 (JSC::ARM64Assembler::ccmp):
5289 (JSC::ARM64Assembler::cinc):
5290 (JSC::ARM64Assembler::cinv):
5291 (JSC::ARM64Assembler::cls):
5292 (JSC::ARM64Assembler::clz):
5293 (JSC::ARM64Assembler::cneg):
5294 (JSC::ARM64Assembler::csel):
5295 (JSC::ARM64Assembler::cset):
5296 (JSC::ARM64Assembler::csetm):
5297 (JSC::ARM64Assembler::csinc):
5298 (JSC::ARM64Assembler::csinv):
5299 (JSC::ARM64Assembler::csneg):
5300 (JSC::ARM64Assembler::eon):
5301 (JSC::ARM64Assembler::eor):
5302 (JSC::ARM64Assembler::extr):
5303 (JSC::ARM64Assembler::hlt):
5304 (JSC::ARM64Assembler::ldr):
5305 (JSC::ARM64Assembler::ldr_literal):
5306 (JSC::ARM64Assembler::ldrb):
5307 (JSC::ARM64Assembler::ldrh):
5308 (JSC::ARM64Assembler::ldrsb):
5309 (JSC::ARM64Assembler::ldrsh):
5310 (JSC::ARM64Assembler::ldrsw):
5311 (JSC::ARM64Assembler::ldrsw_literal):
5312 (JSC::ARM64Assembler::ldur):
5313 (JSC::ARM64Assembler::ldurb):
5314 (JSC::ARM64Assembler::ldurh):
5315 (JSC::ARM64Assembler::ldursb):
5316 (JSC::ARM64Assembler::ldursh):
5317 (JSC::ARM64Assembler::ldursw):
5318 (JSC::ARM64Assembler::lslv):
5319 (JSC::ARM64Assembler::lsrv):
5320 (JSC::ARM64Assembler::madd):
5321 (JSC::ARM64Assembler::movi):
5322 (JSC::ARM64Assembler::movk):
5323 (JSC::ARM64Assembler::movn):
5324 (JSC::ARM64Assembler::movz):
5325 (JSC::ARM64Assembler::msub):
5326 (JSC::ARM64Assembler::orn):
5327 (JSC::ARM64Assembler::orr):
5328 (JSC::ARM64Assembler::rbit):
5329 (JSC::ARM64Assembler::rev16):
5330 (JSC::ARM64Assembler::rorv):
5331 (JSC::ARM64Assembler::sbc):
5332 (JSC::ARM64Assembler::sbfm):
5333 (JSC::ARM64Assembler::sdiv):
5334 (JSC::ARM64Assembler::str):
5335 (JSC::ARM64Assembler::strb):
5336 (JSC::ARM64Assembler::strh):
5337 (JSC::ARM64Assembler::stur):
5338 (JSC::ARM64Assembler::sturb):
5339 (JSC::ARM64Assembler::sturh):
5340 (JSC::ARM64Assembler::sub):
5341 (JSC::ARM64Assembler::tst):
5342 (JSC::ARM64Assembler::ubfm):
5343 (JSC::ARM64Assembler::udiv):
5344 (JSC::ARM64Assembler::fabs):
5345 (JSC::ARM64Assembler::fadd):
5346 (JSC::ARM64Assembler::fccmp):
5347 (JSC::ARM64Assembler::fccmpe):
5348 (JSC::ARM64Assembler::fcmp):
5349 (JSC::ARM64Assembler::fcmp_0):
5350 (JSC::ARM64Assembler::fcmpe):
5351 (JSC::ARM64Assembler::fcmpe_0):
5352 (JSC::ARM64Assembler::fcsel):
5353 (JSC::ARM64Assembler::fcvt):
5354 (JSC::ARM64Assembler::fcvtas):
5355 (JSC::ARM64Assembler::fcvtau):
5356 (JSC::ARM64Assembler::fcvtms):
5357 (JSC::ARM64Assembler::fcvtmu):
5358 (JSC::ARM64Assembler::fcvtns):
5359 (JSC::ARM64Assembler::fcvtnu):
5360 (JSC::ARM64Assembler::fcvtps):
5361 (JSC::ARM64Assembler::fcvtpu):
5362 (JSC::ARM64Assembler::fcvtzs):
5363 (JSC::ARM64Assembler::fcvtzu):
5364 (JSC::ARM64Assembler::fdiv):
5365 (JSC::ARM64Assembler::fmadd):
5366 (JSC::ARM64Assembler::fmax):
5367 (JSC::ARM64Assembler::fmaxnm):
5368 (JSC::ARM64Assembler::fmin):
5369 (JSC::ARM64Assembler::fminnm):
5370 (JSC::ARM64Assembler::fmov):
5371 (JSC::ARM64Assembler::fmov_top):
5372 (JSC::ARM64Assembler::fmsub):
5373 (JSC::ARM64Assembler::fmul):
5374 (JSC::ARM64Assembler::fneg):
5375 (JSC::ARM64Assembler::fnmadd):
5376 (JSC::ARM64Assembler::fnmsub):
5377 (JSC::ARM64Assembler::fnmul):
5378 (JSC::ARM64Assembler::frinta):
5379 (JSC::ARM64Assembler::frinti):
5380 (JSC::ARM64Assembler::frintm):
5381 (JSC::ARM64Assembler::frintn):
5382 (JSC::ARM64Assembler::frintp):
5383 (JSC::ARM64Assembler::frintx):
5384 (JSC::ARM64Assembler::frintz):
5385 (JSC::ARM64Assembler::fsqrt):
5386 (JSC::ARM64Assembler::fsub):
5387 (JSC::ARM64Assembler::scvtf):
5388 (JSC::ARM64Assembler::ucvtf):
5389 (JSC::ARM64Assembler::label):
5390 (JSC::ARM64Assembler::align):
5391 (JSC::ARM64Assembler::getRelocatedAddress):
5392 (JSC::ARM64Assembler::getDifferenceBetweenLabels):
5393 (JSC::ARM64Assembler::executableOffsetFor):
5394 (JSC::ARM64Assembler::executableCopy):
5395 (JSC::ARM64Assembler::codeSize):
5396 (JSC::ARM64Assembler::getCallReturnOffset):
5397 (JSC::ARM64Assembler::linkJump):
5398 (JSC::ARM64Assembler::xOrZrAsFPR):
5399 (JSC::ARM64Assembler::xOrZrOrSp):
5400 (JSC::ARM64Assembler::addSubtractExtendedRegister):
5401 (JSC::ARM64Assembler::addSubtractImmediate):
5402 (JSC::ARM64Assembler::conditionalCompareImmediate):
5403 (JSC::ARM64Assembler::conditionalCompareRegister):
5404 (JSC::ARM64Assembler::conditionalSelect):
5405 (JSC::ARM64Assembler::floatingPointCompare):
5406 (JSC::ARM64Assembler::floatingPointConditionalCompare):
5407 (JSC::ARM64Assembler::floatingPointConditionalSelect):
5408 (JSC::ARM64Assembler::floatingPointImmediate):
5409 (JSC::ARM64Assembler::floatingPointIntegerConversions):
5410 (JSC::ARM64Assembler::floatingPointDataProcessing1Source):
5411 (JSC::ARM64Assembler::floatingPointDataProcessing2Source):
5412 (JSC::ARM64Assembler::floatingPointDataProcessing3Source):
5413 (JSC::ARM64Assembler::loadRegisterLiteral):
5414 (JSC::ARM64Assembler::loadStoreRegisterPostIndex):
5415 (JSC::ARM64Assembler::loadStoreRegisterPreIndex):
5416 (JSC::ARM64Assembler::loadStoreRegisterRegisterOffset):
5417 (JSC::ARM64Assembler::loadStoreRegisterUnscaledImmediate):
5418 (JSC::ARM64Assembler::loadStoreRegisterUnsignedImmediate):
5419 (JSC::ARM64Assembler::logicalImmediate):
5420 * assembler/MacroAssemblerARM64.h:
5421 (MacroAssemblerARM64):
5422 (JSC::MacroAssemblerARM64::call):
5423 (JSC::MacroAssemblerARM64::tailRecursiveCall):
5424 - Fixed typo, REPTACH -> REPATCH.
5425 (JSC::MacroAssemblerARM64::breakpoint):
5426 - Switched from an infinite loop to a hlt instruction.
5427 (We now have a userspace debugger that will catch this, but not a brk!)
5428 (JSC::MacroAssemblerARM64::invert):
5429 - Moved to ARM64Assembler.
5430 (JSC::MacroAssemblerARM64::makeBranch):
5431 (JSC::MacroAssemblerARM64::linkCall):
5432 - Fixed typo, REPTACH -> REPATCH.
5434 2012-05-26 David Kilzer <ddkilzer@apple.com>
5436 <rdar://problem/11541338> FeatureDefines.xcconfig should match across projects
5438 Reviewed by David Carson.
5440 * Configurations/FeatureDefines.xcconfig:
5441 - Remove ENABLE_CSS_SHADERS setting (matches ToT).
5442 - Add ENABLE_LEGACY_CSS_VENDOR_PREFIXES setting.
5444 2012-05-25 Gavin Barraclough <barraclough@apple.com>
5446 <rdar://problem/11536267> YARR JIT for arm64
5448 Reviewed by Filip Pizlo.
5450 Enable support for the YARR regular expression JIT on arm64. This patch
5451 introduces the arm64 assembler & MacroAssembler classes, along with a
5452 couple of small tweaks to existing files to make sure these are included
5453 & provide an assignment of registers for the JIT to use.
5455 The assembler & MacroAssembler are largely complete, with the following
5456 work still to be undertaken:
5457 - Floating point support has not yet been implemented.
5458 - Test/Compare operations are not yet supported.
5459 - Branch compaction has not yet been implemented for arm64.
5460 - Constant blinding is currently disabled.
5461 - Address calculations for loads/stores are overly simplistic, only using indexed addressing forms.
5462 - Immediate forms of arithmetic operations are not being generated.
5464 * JavaScriptCore.xcodeproj/project.pbxproj:
5465 - Added ARM64Assembler.h, MacroAssemblerARM64.h.
5466 * assembler/ARM64Assembler.h: Added.
5470 - Helper functions to test sizes of integers.
5472 (JSC::UInt12::UInt12):
5473 (JSC::UInt12::operator int):
5474 - Type to make it explicit where an immediate must be 12-bit.
5476 (JSC::PostIndex::PostIndex):
5477 (JSC::PostIndex::operator int):
5479 (JSC::PreIndex::PreIndex):
5480 (JSC::PreIndex::operator int):
5481 - Types to convey pre/post indexing (normally denoted in arm asm syntax through punctuation!)
5483 - Used to extract 16-bit chunks from larger immediates.
5484 (JSC::ARM64Registers::isSp):
5485 (JSC::ARM64Registers::isZr):
5487 (JSC::ARM64Assembler::isSp):
5488 (JSC::ARM64Assembler::isZr):
5490 (JSC::ARM64Assembler::adc):
5491 (JSC::ARM64Assembler::add):
5492 (JSC::ARM64Assembler::adr):
5493 (JSC::ARM64Assembler::adrp):
5494 (JSC::ARM64Assembler::and_):
5495 - ('and' is a reserved word, so using 'and_' instead)
5496 (JSC::ARM64Assembler::asr):
5497 (JSC::ARM64Assembler::asrv):
5498 (JSC::ARM64Assembler::b):
5499 (JSC::ARM64Assembler::b_cond):
5500 - ('b.cond' is not a valid identifier, so using 'b_cond' instead)
5501 (JSC::ARM64Assembler::bfi):
5502 (JSC::ARM64Assembler::bfm):
5503 (JSC::ARM64Assembler::bfxil):
5504 (JSC::ARM64Assembler::bic):
5505 (JSC::ARM64Assembler::bl):
5506 (JSC::ARM64Assembler::blr):
5507 (JSC::ARM64Assembler::br):
5508 (JSC::ARM64Assembler::brk):
5509 (JSC::ARM64Assembler::cbnz):
5510 (JSC::ARM64Assembler::cbz):
5511 (JSC::ARM64Assembler::cls):
5512 (JSC::ARM64Assembler::clz):
5513 (JSC::ARM64Assembler::cmn):
5514 (JSC::ARM64Assembler::cmp):
5515 (JSC::ARM64Assembler::eon):
5516 (JSC::ARM64Assembler::eor):
5517 (JSC::ARM64Assembler::extr):
5518 (JSC::ARM64Assembler::hint):
5519 (JSC::ARM64Assembler::ldr):
5520 (JSC::ARM64Assembler::ldrb):
5521 (JSC::ARM64Assembler::ldrh):
5522 (JSC::ARM64Assembler::ldrsb):
5523 (JSC::ARM64Assembler::ldrsh):
5524 (JSC::ARM64Assembler::ldrsw):
5525 (JSC::ARM64Assembler::ldur):
5526 (JSC::ARM64Assembler::ldurb):
5527 (JSC::ARM64Assembler::ldurh):
5528 (JSC::ARM64Assembler::ldursb):
5529 (JSC::ARM64Assembler::ldursh):
5530 (JSC::ARM64Assembler::ldursw):
5531 (JSC::ARM64Assembler::lsl):
5532 (JSC::ARM64Assembler::lslv):
5533 (JSC::ARM64Assembler::lsr):
5534 (JSC::ARM64Assembler::lsrv):
5535 (JSC::ARM64Assembler::madd):
5536 (JSC::ARM64Assembler::mneg):
5537 (JSC::ARM64Assembler::mov):
5538 (JSC::ARM64Assembler::movk):
5539 (JSC::ARM64Assembler::movn):
5540 (JSC::ARM64Assembler::movz):
5541 (JSC::ARM64Assembler::msub):
5542 (JSC::ARM64Assembler::mul):
5543 (JSC::ARM64Assembler::mvn):
5544 (JSC::ARM64Assembler::neg):
5545 (JSC::ARM64Assembler::ngc):
5546 (JSC::ARM64Assembler::nop):
5547 (JSC::ARM64Assembler::orn):
5548 (JSC::ARM64Assembler::orr):
5549 (JSC::ARM64Assembler::rbit):
5550 (JSC::ARM64Assembler::ret):
5551 (JSC::ARM64Assembler::rev):
5552 (JSC::ARM64Assembler::rev16):
5553 (JSC::ARM64Assembler::rev32):
5554 (JSC::ARM64Assembler::ror):
5555 (JSC::ARM64Assembler::rorv):
5556 (JSC::ARM64Assembler::sbc):
5557 (JSC::ARM64Assembler::sbfiz):
5558 (JSC::ARM64Assembler::sbfm):
5559 (JSC::ARM64Assembler::sbfx):
5560 (JSC::ARM64Assembler::sdiv):
5561 (JSC::ARM64Assembler::smaddl):
5562 (JSC::ARM64Assembler::smnegl):
5563 (JSC::ARM64Assembler::smsubl):
5564 (JSC::ARM64Assembler::smulh):
5565 (JSC::ARM64Assembler::smull):
5566 (JSC::ARM64Assembler::str):
5567 (JSC::ARM64Assembler::strb):
5568 (JSC::ARM64Assembler::strh):
5569 (JSC::ARM64Assembler::stur):
5570 (JSC::ARM64Assembler::sturb):
5571 (JSC::ARM64Assembler::sturh):
5572 (JSC::ARM64Assembler::sub):
5573 (JSC::ARM64Assembler::sxtb):
5574 (JSC::ARM64Assembler::sxth):
5575 (JSC::ARM64Assembler::sxtw):
5576 (JSC::ARM64Assembler::tbz):
5577 (JSC::ARM64Assembler::tbnz):
5578 (JSC::ARM64Assembler::tst):
5579 (JSC::ARM64Assembler::ubfiz):
5580 (JSC::ARM64Assembler::ubfm):
5581 (JSC::ARM64Assembler::ubfx):
5582 (JSC::ARM64Assembler::udiv):
5583 (JSC::ARM64Assembler::umaddl):
5584 (JSC::ARM64Assembler::umnegl):
5585 (JSC::ARM64Assembler::umsubl):
5586 (JSC::ARM64Assembler::umulh):
5587 (JSC::ARM64Assembler::umull):
5588 (JSC::ARM64Assembler::uxtb):
5589 (JSC::ARM64Assembler::uxth):
5590 (JSC::ARM64Assembler::uxtw):
5591 - Instruction formatters. The function names & arguments match arm64 mnemonics,
5592 see https://mobsi-svn.ecs.apple.com/svn/mobsi/docs/ARM_V8/ISA/index.xml
5593 (JSC::ARM64Assembler::label):
5594 (JSC::ARM64Assembler::align):
5595 (JSC::ARM64Assembler::getRelocatedAddress):
5596 (JSC::ARM64Assembler::getDifferenceBetweenLabels):
5597 (JSC::ARM64Assembler::executableOffsetFor):
5598 (JSC::ARM64Assembler::executableCopy):
5599 (JSC::ARM64Assembler::codeSize):
5600 (JSC::ARM64Assembler::getCallReturnOffset):
5601 - Misc admin functions.
5602 (JSC::ARM64Assembler::linkJump):
5603 (JSC::ARM64Assembler::linkCall):
5604 (JSC::ARM64Assembler::linkPointer):
5605 (JSC::ARM64Assembler::cacheFlush):
5606 - Public linking interface.
5607 (JSC::ARM64Assembler::linkJumpOrCall):
5608 (JSC::ARM64Assembler::addressOf):
5609 (JSC::ARM64Assembler::disassembleXOrSp):
5610 (JSC::ARM64Assembler::disassembleXOrZr):
5611 (JSC::ARM64Assembler::disassembleMoveWideImediate):
5612 (JSC::ARM64Assembler::disassembleUnconditionalBranchImmediate):
5613 - Internal helpers for linking & patching code.
5614 (JSC::ARM64Assembler::xOrSp):
5615 (JSC::ARM64Assembler::xOrZr):
5616 - Used to convert sp & zr enum values to integer representation, 31.
5617 (JSC::ARM64Assembler::insn):
5618 - Used to add a formatted instruction to the AssemblerBuffer.
5619 (JSC::ARM64Assembler::addSubtractExtendedRegister):
5620 (JSC::ARM64Assembler::addSubtractImmediate):
5621 (JSC::ARM64Assembler::addSubtractShiftedRegister):
5622 (JSC::ARM64Assembler::addSubtractWithCarry):
5623 (JSC::ARM64Assembler::bitfield):
5624 (JSC::ARM64Assembler::compareAndBranchImmediate):
5625 (JSC::ARM64Assembler::conditionalBranchImmediate):
5626 (JSC::ARM64Assembler::dataProcessing1Source):
5627 (JSC::ARM64Assembler::dataProcessing2Source):
5628 (JSC::ARM64Assembler::dataProcessing3Source):
5629 (JSC::ARM64Assembler::excepnGeneration):
5630 (JSC::ARM64Assembler::extract):
5631 (JSC::ARM64Assembler::loadStoreRegisterPostIndex):
5632 (JSC::ARM64Assembler::loadStoreRegisterPreIndex):
5633 (JSC::ARM64Assembler::loadStoreRegisterRegisterOffset):
5634 (JSC::ARM64Assembler::loadStoreRegisterUnscaledImmediate):
5635 (JSC::ARM64Assembler::loadStoreRegisterUnsignedImmediate):
5636 (JSC::ARM64Assembler::logicalShiftedRegister):
5637 (JSC::ARM64Assembler::moveWideImediate):
5638 (JSC::ARM64Assembler::unconditionalBranchImmediate):
5639 (JSC::ARM64Assembler::pcRelative):
5640 (JSC::ARM64Assembler::system):
5641 (JSC::ARM64Assembler::testAndBranchImmediate):
5642 (JSC::ARM64Assembler::unconditionalBranchRegister):
5643 - Internal formatters, the function names & arguments match the arm64 encoding tables,
5644 see https://mobsi-svn.ecs.apple.com/svn/mobsi/docs/ARM_V8/ISA/encodingindex.xml
5645 * assembler/MacroAssembler.h:
5647 * assembler/MacroAssemblerARM64.h: Added.
5649 (MacroAssemblerARM64):
5650 (JSC::MacroAssemblerARM64::add32):
5651 (JSC::MacroAssemblerARM64::addPtr):
5652 (JSC::MacroAssemblerARM64::add64):
5653 (JSC::MacroAssemblerARM64::and32):
5654 (JSC::MacroAssemblerARM64::andPtr):
5655 (JSC::MacroAssemblerARM64::countLeadingZeros32):
5656 (JSC::MacroAssemblerARM64::lshift32):
5657 (JSC::MacroAssemblerARM64::mul32):
5658 (JSC::MacroAssemblerARM64::neg32):
5659 (JSC::MacroAssemblerARM64::or32):
5660 (JSC::MacroAssemblerARM64::orPtr):
5661 (JSC::MacroAssemblerARM64::rotateRightPtr):
5662 (JSC::MacroAssemblerARM64::rshift32):
5663 (JSC::MacroAssemblerARM64::sub32):
5664 (JSC::MacroAssemblerARM64::subPtr):
5665 (JSC::MacroAssemblerARM64::urshift32):
5666 (JSC::MacroAssemblerARM64::xor32):
5667 (JSC::MacroAssemblerARM64::xor64):
5668 (JSC::MacroAssemblerARM64::loadPtr):
5669 (JSC::MacroAssemblerARM64::loadPtrWithAddressOffsetPatch):
5670 (JSC::MacroAssemblerARM64::loadPtrWithCompactAddressOffsetPatch):
5671 (JSC::MacroAssemblerARM64::load32):
5672 (JSC::MacroAssemblerARM64::load32WithAddressOffsetPatch):
5673 (JSC::MacroAssemblerARM64::load32WithCompactAddressOffsetPatch):
5674 (JSC::MacroAssemblerARM64::load32WithUnalignedHalfWords):
5675 (JSC::MacroAssemblerARM64::load16):
5676 (JSC::MacroAssemblerARM64::load16Unaligned):
5677 (JSC::MacroAssemblerARM64::load16Signed):
5678 (JSC::MacroAssemblerARM64::load8):
5679 (JSC::MacroAssemblerARM64::load8Signed):
5680 (JSC::MacroAssemblerARM64::storePtr):
5681 (JSC::MacroAssemblerARM64::storePtrWithAddressOffsetPatch):
5682 (JSC::MacroAssemblerARM64::store32):
5683 (JSC::MacroAssemblerARM64::store32WithAddressOffsetPatch):
5684 (JSC::MacroAssemblerARM64::store16):
5685 (JSC::MacroAssemblerARM64::store8):
5686 (JSC::MacroAssemblerARM64::supportsFloatingPoint):
5687 (JSC::MacroAssemblerARM64::supportsFloatingPointTruncate):
5688 (JSC::MacroAssemblerARM64::supportsFloatingPointSqrt):
5689 (JSC::MacroAssemblerARM64::supportsFloatingPointAbs):
5690 (JSC::MacroAssemblerARM64::absDouble):
5691 (JSC::MacroAssemblerARM64::addDouble):
5692 (JSC::MacroAssemblerARM64::branchConvertDoubleToInt32):
5693 (JSC::MacroAssemblerARM64::branchDouble):
5694 (JSC::MacroAssemblerARM64::branchDoubleNonZero):
5695 (JSC::MacroAssemblerARM64::branchDoubleZeroOrNaN):
5696 (JSC::MacroAssemblerARM64::branchTruncateDoubleToInt32):
5697 (JSC::MacroAssemblerARM64::branchTruncateDoubleToUint32):
5698 (JSC::MacroAssemblerARM64::convertDoubleToFloat):
5699 (JSC::MacroAssemblerARM64::convertFloatToDouble):
5700 (JSC::MacroAssemblerARM64::convertInt32ToDouble):
5701 (JSC::MacroAssemblerARM64::divDouble):
5702 (JSC::MacroAssemblerARM64::loadDouble):
5703 (JSC::MacroAssemblerARM64::loadFloat):
5704 (JSC::MacroAssemblerARM64::moveDouble):
5705 (JSC::MacroAssemblerARM64::moveDoubleToPtr):
5706 (JSC::MacroAssemblerARM64::movePtrToDouble):
5707 (JSC::MacroAssemblerARM64::mulDouble):
5708 (JSC::MacroAssemblerARM64::negateDouble):
5709 (JSC::MacroAssemblerARM64::sqrtDouble):
5710 (JSC::MacroAssemblerARM64::storeDouble):
5711 (JSC::MacroAssemblerARM64::storeFloat):
5712 (JSC::MacroAssemblerARM64::subDouble):
5713 (JSC::MacroAssemblerARM64::truncateDoubleToInt32):
5714 (JSC::MacroAssemblerARM64::truncateDoubleToUint32):
5715 (JSC::MacroAssemblerARM64::pop):
5716 (JSC::MacroAssemblerARM64::push):
5717 (JSC::MacroAssemblerARM64::move):
5718 (JSC::MacroAssemblerARM64::swap):
5719 (JSC::MacroAssemblerARM64::signExtend32ToPtr):
5720 (JSC::MacroAssemblerARM64::zeroExtend32ToPtr):
5721 (JSC::MacroAssemblerARM64::branch32):
5722 (JSC::MacroAssemblerARM64::branchPtr):
5723 (JSC::MacroAssemblerARM64::branch8):
5724 (JSC::MacroAssemblerARM64::branchTest32):
5725 (JSC::MacroAssemblerARM64::branchTestPtr):
5726 (JSC::MacroAssemblerARM64::branchTest8):
5727 (JSC::MacroAssemblerARM64::branch32WithUnalignedHalfWords):
5728 (JSC::MacroAssemblerARM64::branchAdd32):
5729 (JSC::MacroAssemblerARM64::branchAddPtr):
5730 (JSC::MacroAssemblerARM64::branchMul32):
5731 (JSC::MacroAssemblerARM64::branchSub32):
5732 (JSC::MacroAssemblerARM64::branchSubPtr):
5733 (JSC::MacroAssemblerARM64::call):
5734 (JSC::MacroAssemblerARM64::jump):
5735 (JSC::MacroAssemblerARM64::makeTailRecursiveCall):
5736 (JSC::MacroAssemblerARM64::nearCall):
5737 (JSC::MacroAssemblerARM64::ret):
5738 (JSC::MacroAssemblerARM64::tailRecursiveCall):
5739 (JSC::MacroAssemblerARM64::compare32):
5740 (JSC::MacroAssemblerARM64::comparePtr):
5741 (JSC::MacroAssemblerARM64::test32):
5742 (JSC::MacroAssemblerARM64::test8):
5743 (JSC::MacroAssemblerARM64::moveWithPatch):
5744 (JSC::MacroAssemblerARM64::branchPtrWithPatch):
5745 (JSC::MacroAssemblerARM64::storePtrWithPatch):
5746 (JSC::MacroAssemblerARM64::breakpoint):
5747 (JSC::MacroAssemblerARM64::nop):
5748 (JSC::MacroAssemblerARM64::invert):
5749 (JSC::MacroAssemblerARM64::makeBranch):
5750 (JSC::MacroAssemblerARM64::ARM64Condition):
5751 (JSC::MacroAssemblerARM64::moveWithFixedWidth):
5752 (JSC::MacroAssemblerARM64::linkCall):
5753 (JSC::MacroAssemblerARM64::repatchCall):
5754 * jit/ExecutableAllocatorFixedVMPool.cpp:
5755 - Fix #ifdef typo, to enable ASSEMBLER but !JIT builds.
5758 - Add ARM64 register assignment.
5761 - As for X86-64, return match start/end in two registers.
5763 2012-05-24 Gavin Barraclough <barraclough@apple.com>
5765 Merged Open Source WebKit r118413.
5767 2012-05-24 Gavin Barraclough <barraclough@apple.com>
5769 Move cacheFlush from ExecutableAllocator to Assembler classes
5770 https://bugs.webkit.org/show_bug.cgi?id=87420
5772 Reviewed by Oliver Hunt.
5774 Makes more sense there, & remove a pile of #ifdefs.
5776 * assembler/ARMAssembler.cpp:
5778 (JSC::ARMAssembler::cacheFlush):
5779 * assembler/ARMAssembler.h:
5781 (JSC::ARMAssembler::cacheFlush):
5782 * assembler/ARMv7Assembler.h:
5783 (JSC::ARMv7Assembler::relinkJump):
5784 (JSC::ARMv7Assembler::cacheFlush):
5786 (JSC::ARMv7Assembler::setInt32):
5787 (JSC::ARMv7Assembler::setUInt7ForLoad):
5788 * assembler/AbstractMacroAssembler.h:
5789 (JSC::AbstractMacroAssembler::cacheFlush):
5790 * assembler/LinkBuffer.h:
5791 (JSC::LinkBuffer::performFinalization):
5792 * assembler/MIPSAssembler.h:
5793 (JSC::MIPSAssembler::relinkJump):
5794 (JSC::MIPSAssembler::relinkCall):
5795 (JSC::MIPSAssembler::repatchInt32):
5796 (JSC::MIPSAssembler::cacheFlush):
5798 * assembler/SH4Assembler.h:
5799 (JSC::SH4Assembler::repatchCompact):
5800 (JSC::SH4Assembler::cacheFlush):
5802 * assembler/X86Assembler.h:
5804 (JSC::X86Assembler::cacheFlush):
5805 * jit/ExecutableAllocator.cpp:
5807 * jit/ExecutableAllocator.h:
5808 (ExecutableAllocator):
5810 2012-05-15 Sam Weinig <sam@webkit.org>
5812 <rdar://problem/11401642> ENABLE_IFRAME_SEAMLESS should be turned off on the branch
5814 Reviewed by Andy Estes.
5816 * Configurations/FeatureDefines.xcconfig:
5817 Disable ENABLE_IFRAME_SEAMLESS.
5819 2012-05-15 Lucas Forschler <lforschler@apple.com>
5823 2012-05-13 Filip Pizlo <fpizlo@apple.com>
5825 DFG performs incorrect constant folding on double-to-uint32 conversion in
5826 Uint32Array PutByVal
5827 https://bugs.webkit.org/show_bug.cgi?id=86330
5829 Reviewed by Darin Adler.
5831 static_cast<int>(d) is wrong, since JS semantics require us to use toInt32(d).
5832 In particular, C++ casts on typical hardware (like x86 and similar) will
5833 return 0x80000000 for double values that are out of range of the int32 domain
5834 (i.e. less than -2^31 or greater than or equal to 2^31). But JS semantics call
5835 for wrap-around; for example the double value 4294967297 ought to become the
5836 int32 value 1, not 0x80000000.
5838 * dfg/DFGSpeculativeJIT.cpp:
5839 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
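As an added illustration (not part of this ChangeLog and not JavaScriptCore's own code), the following C++ shows the conversion the entry above calls for: an ECMA-262 ToInt32/ToUint32 that wraps out-of-range doubles modulo 2^32, plus a small stand-in for a Uint32Array PutByVal that uses it. The names jsToInt32, jsToUint32 and putByValUint32 are this example's own; the engine's real helper is the toInt32() the entry names. A raw static_cast<int>(d) on an out-of-range double is undefined behaviour in C++ and produces 0x80000000 on x86, which is why the example does not execute it.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <limits>
#include <vector>

// ECMA-262 ToInt32: truncate toward zero, reduce modulo 2^32, then fold the
// result into the signed 32-bit range. NaN and +/-Infinity map to 0. Unlike
// static_cast<int>(d), every finite double wraps around instead of producing
// the x86 "integer indefinite" value 0x80000000. (Example code, not JSC's.)
int32_t jsToInt32(double d)
{
    if (std::isnan(d) || std::isinf(d))
        return 0;
    double truncated = std::trunc(d);
    double modulo = std::fmod(truncated, 4294967296.0); // exact; in (-2^32, 2^32)
    if (modulo < 0)
        modulo += 4294967296.0;                          // now in [0, 2^32)
    uint32_t bits = static_cast<uint32_t>(modulo);       // in range, so well defined
    if (bits >= 2147483648u)                             // fold [2^31, 2^32) onto negatives
        return static_cast<int32_t>(bits - 2147483648u) + std::numeric_limits<int32_t>::min();
    return static_cast<int32_t>(bits);
}

// ECMA-262 ToUint32 is the same reduction without the final sign fold;
// int32 -> uint32 conversion is modular and always well defined in C++.
uint32_t jsToUint32(double d)
{
    return static_cast<uint32_t>(jsToInt32(d));
}

// What a correct Uint32Array PutByVal must do with a double value: convert
// with JS semantics, then store. The bounds check stands in for the range
// speculation a real engine has already performed; it returns false rather
// than writing out of bounds.
bool putByValUint32(std::vector<uint32_t>& array, size_t index, double value)
{
    if (index >= array.size())
        return false;
    array[index] = jsToUint32(value);
    return true;
}
```

The value 4294967297 from the entry becomes 1 under both conversions, and -1 becomes 0xFFFFFFFF in a Uint32Array, matching what the interpreter's toInt32() path produces and what the folded DFG code must reproduce.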
5841 2012-05-15 Lucas Forschler <lforschler@apple.com>
5845 2012-05-11 Geoffrey Garen <ggaren@apple.com>
5847 Clarified JSGlobalData (JavaScript VM) lifetime
5848 https://bugs.webkit.org/show_bug.cgi?id=85142
5850 Reviewed by Alexey Proskuryakov.
5854 * API/JSContextRef.cpp:
5855 (JSGlobalContextCreate): Restored some code I removed because I misread an #ifdef.
5856 (We don't need to test BUILDING_ON_LEOPARD, but we still need the linked-on
5857 test, because apps might have been linked on older OS's.)
5859 2012-05-15 Lucas Forschler <lforschler@apple.com>
5863 2012-05-11 Filip Pizlo <fpizlo@apple.com>
5865 JIT memory allocator is not returning memory to the OS on Darwin
5866 https://bugs.webkit.org/show_bug.cgi?id=86047
5868 Reviewed by Geoff Garen.
5870 * jit/ExecutableAllocatorFixedVMPool.cpp:
5871 (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
5873 2012-05-15 Lucas Forschler <lforschler@apple.com>
5877 2012-05-09 Filip Pizlo <fpizlo@apple.com>
5879 JIT memory allocator is not returning memory to the OS on Darwin
5880 https://bugs.webkit.org/show_bug.cgi?id=86047
5881 <rdar://problem/11414948>
5883 Reviewed by Geoff Garen.
5885 Work around the problem by using a different madvise() flag, but only for the JIT memory
5886 allocator. Also put in ASSERTs that the call is actually working.
5888 * jit/ExecutableAllocatorFixedVMPool.cpp:
5889 (JSC::FixedVMPoolExecutableAllocator::notifyNeedPage):
5890 (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
5892 2012-05-15 Lucas Forschler <lforschler@apple.com>
5896 2012-05-09 Mark Hahnenberg <mhahnenberg@apple.com>
5898 CopiedSpace does not add pinned blocks back to the to-space filter
5899 https://bugs.webkit.org/show_bug.cgi?id=86011
5901 Reviewed by Geoffrey Garen.
5903 After a collection has finished, we go through the blocks in from-space
5904 and move any of them that are pinned into to-space. At the beginning of
5905 collection, we reset the to-space block filter that is used during
5906 conservative scanning and add back the blocks that are filled during the
5907 collection. However, we neglect to add back those blocks that are moved
5908 from from-space to to-space, which can cause the conservative scan to
5909 think that some pinned items are not actually in CopiedSpace.
5911 * heap/CopiedSpace.cpp:
5912 (JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the
5913 to-space filter. Also added a comment and assert for future readers that
5914 indicates that it's okay that we don't also add the block to the
5915 to-space block set since it was never removed.
5917 2012-05-15 Lucas Forschler <lforschler@apple.com>
5921 2012-05-08 Mark Hahnenberg <mhahnenberg@apple.com>
5923 Heap should not continually allocate new pages in steady state
5924 https://bugs.webkit.org/show_bug.cgi?id=85936
5926 Reviewed by Geoff Garen.
5928 Currently, in steady state (i.e. a constant amount of live GC
5929 memory with a constant rate of allocation) assuming we've just
5930 finished a collection with X live blocks in CopiedSpace, we
5931 increase our working set by X blocks in CopiedSpace with each
5932 collection we perform. This is due to the fact that we allocate
5933 until we run out of free blocks to use in the Heap before we
5934 consider whether we should run a collection.
5936 In the longer term, this issue will be mostly resolved by
5937 implementing quick release for the CopiedSpace. In the shorter
5938 term, we should change our policy to check whether we should
5939 allocate before trying to use a free block from the Heap. We
5940 can change our policy to something more appropriate once we
5941 have implemented quick release.
5943 This change should also have the convenient side effect of
5944 reducing the variance in GC-heavy tests (e.g. v8-splay) due
5945 to fact that we are doing less VM allocation during copying
5946 collection. Overall, this patch is performance neutral across
5947 the benchmarks we track.
5949 * heap/CopiedSpace.cpp:
5950 (JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator
5951 around so that we only do it if the block request must succeed
5952 i.e. after we've already checked whether we should do a collection.
5953 * heap/MarkedAllocator.cpp:
5954 (JSC::MarkedAllocator::allocateSlowCase): Ditto.
5955 (JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this
5956 function because by the time we've called it, we've already checked whether we
5957 should run a collection so there's no point in returning null.
5958 * heap/MarkedAllocator.h: Removing old arguments from function declaration.
5961 2012-05-15 Lucas Forschler <lforschler@apple.com>
5965 2012-05-07 Oliver Hunt <oliver@apple.com>
5971 r110287 was meant to be refactoring only, but changed behavior
5972 enough to break some websites, including qq.com.
5974 2012-05-15 Lucas Forschler <lforschler@apple.com>
5978 2012-05-07 Oliver Hunt <oliver@apple.com>
5980 LLInt doesn't check for Ropes when performing a character switch
5981 https://bugs.webkit.org/show_bug.cgi?id=85837
5983 Reviewed by Filip Pizlo.
5985 Make LLint check if the scrutinee of a char switch is a rope, and if
5986 so fall back to a slow case.
5988 * llint/LLIntSlowPaths.cpp:
5989 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
5991 * llint/LowLevelInterpreter32_64.asm:
5992 * llint/LowLevelInterpreter64.asm:
5994 2012-05-15 Lucas Forschler <lforschler@apple.com>
5998 2012-05-07 Andy Estes <aestes@apple.com>
6000 ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES.
6002 * Configurations/FeatureDefines.xcconfig:
6004 2012-05-15 Lucas Forschler <lforschler@apple.com>
6008 2012-05-07 Eric Seidel <eric@webkit.org>
6010 Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed
6011 https://bugs.webkit.org/show_bug.cgi?id=85822
6013 Reviewed by Adam Barth.
6015 * Configurations/FeatureDefines.xcconfig:
6017 2012-05-14 Benjamin Poulain <bpoulain@apple.com>
6019 <rdar://problem/11406944> iOS WebKit merge: stabilizing merge branch to ToT r116210 (starts Mon, May 14)
6021 Merge up to OpenSource WebKit r116210.
6023 2012-05-08 Benjamin Poulain <bpoulain@apple.com>
6025 Merge 115093 from Open Source for <rdar://problem/11339602>.
6027 2012-04-23 Filip Pizlo <fpizlo@apple.com>
6029 DFG on ARMv7 should not OSR exit on every integer division
6030 https://bugs.webkit.org/show_bug.cgi?id=84661
6032 Reviewed by Oliver Hunt.
6034 On ARMv7, ArithDiv no longer has to know whether or not to speculate integer (since
6035 that was broken with the introduction of Int32ToDouble) nor does it have to know
6036 whether or not to convert its result to integer. This is now taken care of for free
6037 with the addition of the DoubleAsInt32 node, which represents a double-is-really-int
6040 * dfg/DFGAbstractState.cpp:
6041 (JSC::DFG::AbstractState::execute):
6042 * dfg/DFGCSEPhase.cpp:
6043 (JSC::DFG::CSEPhase::performNodeCSE):
6044 * dfg/DFGFixupPhase.cpp:
6045 (JSC::DFG::FixupPhase::fixupNode):
6046 * dfg/DFGNodeType.h:
6048 * dfg/DFGOSRExit.cpp:
6049 (JSC::DFG::OSRExit::OSRExit):
6050 (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
6053 * dfg/DFGPredictionPropagationPhase.cpp:
6054 (JSC::DFG::PredictionPropagationPhase::propagate):
6055 * dfg/DFGSpeculativeJIT.cpp:
6056 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
6057 (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
6059 * dfg/DFGSpeculativeJIT.h:
6061 (JSC::DFG::SpeculativeJIT::speculationCheck):
6062 (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
6063 * dfg/DFGSpeculativeJIT32_64.cpp:
6064 (JSC::DFG::SpeculativeJIT::compile):
6065 * dfg/DFGSpeculativeJIT64.cpp:
6066 (JSC::DFG::SpeculativeJIT::compile):
6068 2012-05-03 Joseph Pecoraro <pecoraro@apple.com>
6070 Merged Open Source WebKit r116054.
6072 2012-05-03 Oliver Hunt <oliver@apple.com>
6074 Regression(r114702): Clobbering the caller frame register before we've stored it.
6075 https://bugs.webkit.org/show_bug.cgi?id=85564
6077 Reviewed by NOBODY (OOPS!).
6079 Don't use t0 as a temporary, when we're about to use the value in t0.
6081 * llint/LowLevelInterpreter32_64.asm:
6098 2012-05-07 Benjamin Poulain <bpoulain@apple.com>
6100 Build fix for iOS Simulator after r115523
6102 Rubber-stamped by Gavin Barraclough.
6104 The header and code is only relevant for ARM thumb2.
6135 2012-04-25 Pratik Solanki <psolanki@apple.com>
6137 Merged Open Source WebKit r114845.
6139 2012-04-21 Darin Adler <darin@apple.com>
6141 Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
6142 https://bugs.webkit.org/show_bug.cgi?id=84523
6144 Reviewed by Oliver Hunt.
6146 Profiles showed that checks against -1 were costly, and I saw they could be eliminated.
6147 Streamlined this code to use standard character types and 0 rather than -1. One benefit
6148 of this is that there's no widening and narrowing. Another is that there are many cases
6149 where we already have the correct behavior for 0, so can eliminate a branch that was
6150 used to test for -1 before. Also eliminates typecasts in the code.
6153 (JSC::Lexer::invalidCharacterMessage): Updated use of String::format since m_current is now a
6154 character type, not an int.
6155 (JSC::Lexer::setCode): Use 0 rather than -1 when past the end.
6156 (JSC::Lexer::shift): Ditto. Also spruced up the comment a bit.
6157 (JSC::Lexer::atEnd): Added. New function that distinguishes an actual 0 character from the end
6158 of the code. This can be used in places we used to check for -1.
6159 (JSC::Lexer::peek): Updated to use -1 instead of 0. Removed meaningless comment.
6160 (JSC::Lexer::parseFourDigitUnicodeHex): Changed to use character types instead of int.
6161 (JSC::Lexer::shiftLineTerminator): Removed now-unneeded type casts. Changed local variable that
6162 had a data-member-style name.
6163 (JSC::Lexer::parseIdentifier): Removed now-unneeded explicit checks for -1, since the isIdentPart
6164 function already returns false for the 0 character. Updated types in a couple other places. Used
6165 the atEnd function where needed.
6166 (JSC::Lexer::parseIdentifierSlowCase): More of the same.
6167 (JSC::characterRequiresParseStringSlowCase): Added overloaded helper function for parseString.
6168 (JSC::Lexer::parseString): Ditto.
6169 (JSC::Lexer::parseStringSlowCase): Ditto.
6170 (JSC::Lexer::parseMultilineComment): Ditto.
6171 (JSC::Lexer::lex): More of the same. Also changed code to set the startOffset directly in
6172 the tokenInfo instead of putting it in a local variable first, saving some memory access.
6173 (JSC::Lexer::scanRegExp): Ditto.
6174 (JSC::Lexer::skipRegExp): Ditto.
6176 * parser/Lexer.h: Changed return type of the peek function and type of m_current from int to
6177 the character type. Added atEnd function.
6178 (JSC::Lexer::setOffset): Used 0 instead of -1 and removed an overzealous attempt to optimize.
6179 (JSC::Lexer::lexExpectIdentifier): Used 0 instead of -1.
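The distinction the atEnd function draws, as an added C++ example (not the WebKit lexer itself; SourceCursor, countCharacters, countCharactersNaive and the constructed kSample input are this example's own names). Using 0 as the end sentinel is only safe when end-of-input is also checked against the code pointer; otherwise a U+0000 embedded in the source text ends lexing early and whatever follows it is never seen.

```cpp
#include <cstddef>
#include <cstdint>

typedef char16_t UChar;

// Cursor that reports end-of-input with a 0 sentinel, as the lexer change
// above does, while still distinguishing a real U+0000 inside the source.
// (Example code, not JavaScriptCore's Lexer.)
class SourceCursor {
public:
    SourceCursor(const UChar* code, size_t length)
        : m_code(code), m_codeEnd(code + length), m_current(length ? *code : 0) { }

    UChar current() const { return m_current; }

    // True only when the 0 in m_current means "past the end", not a NUL
    // that is actually present in the source text.
    bool atEnd() const { return !m_current && m_code == m_codeEnd; }

    void shift()
    {
        m_current = 0;
        if (m_code == m_codeEnd)
            return;                // already at the end; stay there
        ++m_code;
        if (m_code < m_codeEnd)
            m_current = *m_code;   // 0 is left in place when we step past the end
    }

private:
    const UChar* m_code;
    const UChar* m_codeEnd;
    UChar m_current;
};

// Correct: stops only at end of input, so an embedded NUL is counted.
size_t countCharacters(const UChar* code, size_t length)
{
    SourceCursor cursor(code, length);
    size_t count = 0;
    while (!cursor.atEnd()) {
        ++count;
        cursor.shift();
    }
    return count;
}

// The pitfall: treating the 0 sentinel alone as end-of-input truncates the
// source at the first embedded NUL, so whatever follows is never lexed.
size_t countCharactersNaive(const UChar* code, size_t length)
{
    SourceCursor cursor(code, length);
    size_t count = 0;
    while (cursor.current()) {
        ++count;
        cursor.shift();
    }
    return count;
}

// Constructed sample input: 11 UTF-16 code units with a NUL at index 5.
const UChar kSample[] = u"var a\0 = 1;";
const size_t kSampleLength = sizeof(kSample) / sizeof(kSample[0]) - 1; // drop terminator
```

On kSample the cursor-based loop sees all 11 code units while the sentinel-only loop stops after 5; the remaining " = 1;" would be silently dropped by a lexer that relied on the sentinel alone.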
6181 2012-04-25 Pratik Solanki <psolanki@apple.com>
6183 Merged Open Source WebKit r114844.
6185 2012-04-21 Darin Adler <darin@apple.com>
6187 Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
6188 https://bugs.webkit.org/show_bug.cgi?id=84523
6190 Reviewed by Oliver Hunt.
6192 Separate preparation step of copyright dates, renaming, and other small tweaks.
6195 (JSC::Lexer::invalidCharacterMessage): Removed "get" from name to match WebKit naming conventions.
6196 (JSC::Lexer::peek): Removed meaningless comment.
6197 (JSC::Lexer::parseFourDigitUnicodeHex): Renamed from getUnicodeCharacter to be more precise about
6198 what this function does.
6199 (JSC::Lexer::shiftLineTerminator): Renamed local variable that had a data-member-style name.
6200 (JSC::Lexer::parseStringSlowCase): Updated for new name of parseFourDigitUnicodeHex.
6201 (JSC::Lexer::lex): Updated for new name of invalidCharacterMessage.
6203 * parser/Lexer.h: Removed an unneeded forward declaration of the RegExp class.
6204 Renamed getInvalidCharMessage to invalidCharacterMessage and made it const. Renamed
6205 getUnicodeCharacter to parseFourDigitUnicodeHex.
6207 2012-04-26 Benjamin Poulain <bpoulain@apple.com>
6209 Merge OpenSource WebKit r115290.
6211 2012-04-25 Benjamin Poulain <benjamin@webkit.org>
6213 Add a version of StringImpl::find() without offset
6214 https://bugs.webkit.org/show_bug.cgi?id=83968
6216 Reviewed by Sam Weinig.
6218 Add support for the new StringImpl::find() to UString.
6220 Change stringProtoFuncIndexOf() to specifically take advantage of the feature.
6221 This gives a 12% gain on a distribution of strings between 30 and 100 characters.
6223 * runtime/StringPrototype.cpp:
6224 (JSC::substituteBackreferences):
6225 (JSC::stringProtoFuncIndexOf):
6226 * runtime/UString.h:
6228 (JSC::UString::find):
6230 2012-04-26 Benjamin Poulain <bpoulain@apple.com>
6232 Merge OpenSource WebKit r115132.
6234 2012-04-24 Benjamin Poulain <bpoulain@apple.com>
6236 Generalize the single character optimization of r114072
6237 https://bugs.webkit.org/show_bug.cgi?id=83961
6239 Reviewed by Eric Seidel.
6241 Use the regular String::find(StringImpl*) in all cases now that it has been made faster.
6243 * runtime/StringPrototype.cpp:
6244 (JSC::replaceUsingStringSearch):
6246 2012-04-26 Benjamin Poulain <bpoulain@apple.com>
6248 Merge OpenSource WebKit r114793.
6250 2012-04-20 Benjamin Poulain <bpoulain@apple.com>
6252 Inline the JSArray constructor
6253 https://bugs.webkit.org/show_bug.cgi?id=84416
6255 Reviewed by Geoffrey Garen.
6257 The constructor is trivial, no reason to jump for it.
6259 This makes the creation of array ~5% faster (on non-trivial cases, no empty arrays).
6261 * runtime/JSArray.cpp:
6263 * runtime/JSArray.h:
6264 (JSC::JSArray::JSArray):
6265 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
6267 2012-04-26 Benjamin Poulain <bpoulain@apple.com>
6269 Merge OpenSource WebKit r114539.
6271 2012-04-18 Benjamin Poulain <bpoulain@apple.com>
6273 Remove m_subclassData from JSArray, move the attribute to subclass as needed
6274 https://bugs.webkit.org/show_bug.cgi?id=84249
6276 Reviewed by Geoffrey Garen.
6278 JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves
6279 the attribute to RuntimeArray to avoid allocating memory for the pointer in the common
6282 This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations
6285 * jit/JITInlineMethods.h:
6286 (JSC::JIT::emitAllocateJSArray):
6287 * runtime/JSArray.cpp:
6288 (JSC::JSArray::JSArray):
6289 * runtime/JSArray.h:
6291 2012-04-26 Benjamin Poulain <bpoulain@apple.com>
6293 Merge OpenSource WebKit r114521.
6295 2012-04-18 Benjamin Poulain <bpoulain@apple.com>
6297 replaceUsingStringSearch: delay the creation of the replace string until needed
6298 https://bugs.webkit.org/show_bug.cgi?id=83841
6300 Reviewed by Geoffrey Garen.
6302 We do not need to obtain the replaceValue until we have a match. By moving the initialization
6303 of replaceValue when needed, we save a few instructions when there is no match.
6305 * runtime/StringPrototype.cpp:
6306 (JSC::replaceUsingRegExpSearch):
6307 (JSC::replaceUsingStringSearch):
6308 (JSC::stringProtoFuncReplace):
6310 2012-04-26 Benjamin Poulain <bpoulain@apple.com>
6312 Merge OpenSource WebKit r114072.
6314 2012-04-12 Benjamin Poulain <bpoulain@apple.com>
6316 Improve replaceUsingStringSearch() for case of a single character searchValue
6317 https://bugs.webkit.org/show_bug.cgi?id=83738
6319 Reviewed by Geoffrey Garen.
6321 This patch improves replaceUsingStringSearch() with the following:
6322 -Add a special case for single character search, taking advantage of the faster WTF::find().
6323 -Inline replaceUsingStringSearch().
6324 -Use StringImpl::create() instead of UString::substringSharingImpl() since we know we are in the bounds
6327 This gives less than 1% improvement for the multicharacter replace.
6328 The single character search show about 9% improvement.
6330 * runtime/StringPrototype.cpp:
6331 (JSC::replaceUsingStringSearch):
6333 2012-04-26 Benjamin Poulain <bpoulain@apple.com>
6335 Merge OpenSource WebKit r113886.
6337 2012-04-11 Benjamin Poulain <bpoulain@apple.com>
6339 Optimize String.split() for 1 character separator
6340 https://bugs.webkit.org/show_bug.cgi?id=83546
6342 Reviewed by Gavin Barraclough.
6344 This patch adds a series of optimizations to make stringProtoFuncSplit() faster in the common case
6345 where the separator is a single character.
6347 The two main gains are:
6348 -Use of the find() function with a single character instead of doing a full string matching.
6349 -Use of WTF::find() instead of UString::find() to avoid branching on is8Bit() and have a simpler inline
6352 The code is also changed to avoid making unnecessary allocations by converting the 8-bit string to 16-bit.
6354 This makes String.split() faster by about 13% in that particular case.
6356 * runtime/StringPrototype.cpp:
6358 (JSC::splitStringByOneCharacterImpl):
6359 (JSC::stringProtoFuncSplit):
6361 2012-04-26 Benjamin Poulain <bpoulain@apple.com>
6363 Merge OpenSource WebKit r113530.
6365 2012-04-06 Benjamin Poulain <bpoulain@apple.com>
6367 Do not abuse ArrayStorage's m_length for testing array consistency
6368 https://bugs.webkit.org/show_bug.cgi?id=83403
6370 Reviewed by Geoffrey Garen.
6372 Array creation from a list of values is a 3-step process:
6373 -JSArray::tryCreateUninitialized()
6374 -JSArray::initializeIndex() for each value
6375 -JSArray::completeInitialization()
6377 Previously, the attribute m_length was not set to the final size in
6378 JSArray::tryCreateUninitialized() because it was used to test the array
6379 consistency in JSArray::initializeIndex().
6381 This caused the initialization loop using JSArray::initializeIndex() maintain
6384 -storage->m_length++
6386 This patch fixes this by using the index of the initialization loop for the indices of
6387 JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex
6388 is introduced if CHECK_ARRAY_CONSISTENCY is defined.
6390 The patch also fixes minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined.
6392 This improves the performance of JSArray creation from literals by 8%.
6394 * runtime/JSArray.cpp:
6395 (JSC::JSArray::tryFinishCreationUninitialized):
6396 (JSC::JSArray::checkConsistency):
6397 * runtime/JSArray.h:
6399 (JSC::JSArray::initializeIndex):
6400 (JSC::JSArray::completeInitialization):
6402 2012-04-24 Yongjun Zhang <yongjun_zhang@apple.com>
6404 <rdar://problem/11210742> iOS WebKit merge: stabilizing merge branch to ToT r113485
6406 Merge up to OpenSource WebKit r113485.
6408 2012-04-18 Filip Pizlo <fpizlo@apple.com>
6410 Merge r114434 from OpenSource WebKit.
6411 <rdar://problem/10767252>
6413 2012-04-17 Filip Pizlo <fpizlo@apple.com>
6415 DFG and LLInt should not clobber the frame pointer on ARMv7
6416 https://bugs.webkit.org/show_bug.cgi?id=84185
6417 <rdar://problem/10767252>
6419 Reviewed by Gavin Barraclough.
6421 Changed LLInt to use a different register. Changed DFG to use one fewer
6422 registers. We should revisit this and switch the DFG to use a different
6423 register instead of r7, but we can do that in a subsequent step since
6424 the performance effect is tiny.
6428 (JSC::DFG::GPRInfo::toRegister):
6429 (JSC::DFG::GPRInfo::toIndex):
6430 * offlineasm/armv7.rb:
6432 2012-04-16 Filip Pizlo <fpizlo@apple.com>
6434 <rdar://problem/11244632> REGRESSION(Sundance): Crash in JSC::JSCell::toPrimitive trying to pay bill on usbank.com
6435 Merge r111244 from OpenSource WebKit.
6437 2012-03-19 Filip Pizlo <fpizlo@apple.com>
6439 LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
6440 https://bugs.webkit.org/show_bug.cgi?id=81559
6442 Reviewed by Michael Saboff.
6444 * llint/LLIntSlowPaths.cpp:
6445 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
6447 2012-04-13 Benjamin Poulain <bpoulain@apple.com>
6449 <rdar://problem/10951750> GEOLOCATION_PERMISSION_CACHE is incorrect
6451 Reviewed by David Kilzer.
6453 Remove the flag GEOLOCATION_PERMISSION_CACHE.
6457 2012-04-13 Michael Saboff <msaboff@apple.com>
6458 Merge r113253 from OpenSource WebKit.
6459 <rdar://problem/11179731>
6461 2012-04-04 Michael Saboff <msaboff@apple.com>
6463 Constant Blinding for add/sub immediate crashes in ArmV7 when dest is SP
6464 https://bugs.webkit.org/show_bug.cgi?id=83191
6466 Reviewed by Oliver Hunt.
6468 Make sure that blinded constant pairs are similarly aligned to the
6469 original immediate values so that instructions that expect that
6470 alignment work correctly. One example is ARMv7 add/sub imm to SP.
6472 * assembler/ARMv7Assembler.h:
6473 (JSC::ARMv7Assembler::add): Added ASSERT that immediate is word aligned.
6474 (JSC::ARMv7Assembler::sub): Added ASSERT that immediate is word aligned.
6475 (JSC::ARMv7Assembler::sub_S): Added ASSERT that immediate is word aligned.
6476 * assembler/MacroAssembler.h:
6477 (JSC::MacroAssembler::additionBlindedConstant):
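The alignment requirement described above, as an added C++ example (not JavaScriptCore's code; the names BlindedPair, additionBlindedConstant, trailingZeros, isWordAligned and applyBlindedAdd, and the 8-byte cap on preserved alignment, are this example's own choices). Constant blinding replaces an immediate with a random key plus the difference, so that an attacker who controls the constant cannot plant it verbatim in executable JIT memory; the key is masked so that both halves keep the original immediate's alignment, which is what an add/sub to SP on ARMv7 needs.

```cpp
#include <cstdint>

// A blinded immediate is split into two values whose sum is the original:
//   add dst, src, #imm   becomes   add dst, src, #key ; add dst, dst, #(imm - key)
// so the attacker-chosen constant never appears verbatim in JIT memory.
// Splitting a word-aligned immediate into two unaligned halves breaks
// instructions that require aligned operands (ARMv7 add/sub to SP), so the
// key keeps as many trailing zero bits as the original, capped at 3 (8-byte
// alignment) so that most of the key's entropy survives. (Example code, not
// JSC's additionBlindedConstant.)
struct BlindedPair {
    uint32_t first;  // the random key
    uint32_t second; // imm - key, modulo 2^32
};

// Number of trailing zero bits in value, but never more than cap.
unsigned trailingZeros(uint32_t value, unsigned cap)
{
    unsigned count = 0;
    while (count < cap && !(value & (1u << count)))
        ++count;
    return count;
}

// randomKey stands in for the per-compilation random key a JIT would draw.
BlindedPair additionBlindedConstant(uint32_t imm, uint32_t randomKey)
{
    unsigned keep = trailingZeros(imm, 3);
    uint32_t alignmentMask = (1u << keep) - 1u;   // low bits that must stay zero
    uint32_t key = randomKey & ~alignmentMask;
    return { key, imm - key };                    // unsigned wrap-around is defined
}

// The check the ARMv7 assembler's add/sub ASSERTs express for an SP destination.
bool isWordAligned(uint32_t value) { return !(value & 3u); }

// Re-materialises the immediate the way the two emitted adds would at run time.
uint32_t applyBlindedAdd(uint32_t base, BlindedPair pair)
{
    return base + pair.first + pair.second;
}
```

For a word-aligned immediate such as 0x1000 both halves come out word aligned and still sum to 0x1000 modulo 2^32; for an odd immediate no bits are masked, so no entropy is lost where alignment does not matter.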
6479 2012-04-09 Filip Pizlo <fpizlo@apple.com>
6481 Merge r113642 from OpenSource WebKit.
6482 <rdar://problem/11204572>
6484 Note that the OpenSource changeset included a fix in dfg/DFGOperations.cpp that
6485 had already been applied to iOS WebKit.
6487 2012-04-09 Filip Pizlo <fpizlo@apple.com>
6489 Unreviewed, modernize and clean up uses of ARM assembly mnemonics in inline asm blocks.
6491 * offlineasm/armv7.rb:
6493 2012-04-06 Benjamin Poulain <bpoulain@apple.com>
6495 Merge r111433 from Open Source WebKit.
6497 Running some benchmarks without this patch is useless as it changes the profile
6500 2012-03-20 Benjamin Poulain <bpoulain@apple.com>
6502 Cache the type string of JavaScript object
6503 https://bugs.webkit.org/show_bug.cgi?id=81446
6505 Reviewed by Geoffrey Garen.
6507 Instead of creating the JSString every time, we lazily
6508 create the strings in JSGlobalData.
6510 This avoids the construction of the StringImpl and of the JSString,
6511 which gives some performance improvements.
6513 * runtime/CommonIdentifiers.h:
6514 * runtime/JSValue.cpp:
6515 (JSC::JSValue::toStringSlowCase):
6516 * runtime/Operations.cpp:
6517 (JSC::jsTypeStringForValue):
6518 * runtime/SmallStrings.cpp:
6519 (JSC::SmallStrings::SmallStrings):
6520 (JSC::SmallStrings::finalizeSmallStrings):
6521 (JSC::SmallStrings::initialize):
6523 * runtime/SmallStrings.h:
6526 2012-04-06 Benjamin Poulain <bpoulain@apple.com>
6528 Merge r111306 from Open Source WebKit.
6530 2012-03-19 Benjamin Poulain <bpoulain@apple.com>
6532 Simplify SmallStrings
6533 https://bugs.webkit.org/show_bug.cgi?id=81445
6535 Reviewed by Gavin Barraclough.
6537 SmallStrings had two methods that should not be public: count() and clear().
6539 The method clear() is effectively replaced by finalizeSmallStrings(). The body
6540 of the method was moved to the constructor since the code is obvious.
6542 The method count() is unused.
6544 * runtime/SmallStrings.cpp:
6545 (JSC::SmallStrings::SmallStrings):
6546 * runtime/SmallStrings.h:
6549 2012-04-06 David Kilzer <ddkilzer@apple.com>
6551 <rdar://problem/9587937> Switch c++0x and switch from libstdc++ to libc++ when building with clang
6553 Reviewed by Sam Weinig.
6555 * Configurations/Base.xcconfig: Set CLANG_CXX_LIBRARY based on
6558 2012-04-04 David Kilzer <ddkilzer@apple.com>
6560 <rdar://problem/11184606> UIKit-806c85 failed to build in the Innsbruck autoBot for sim
6562 Reviewed by Matt Lilek.
6564 * Configurations/Base.xcconfig: Hard-code VALID_ARCHS for
6565 iphoneos and iphonesimulator.
6567 2012-04-03 Pratik Solanki <psolanki@apple.com>
6569 Merged Open Source WebKit r113113.
6571 2012-04-03 Filip Pizlo <fpizlo@apple.com>
6573 Offlineasm ARM backend uses the wrong mnemonic for multiply
6574 https://bugs.webkit.org/show_bug.cgi?id=83098
6575 <rdar://problem/11168744>
6577 Reviewed by Gavin Barraclough.
6579 Use "mul" instead of "muls" since we're passing three operands, not two.
6581 * offlineasm/armv7.rb:
6631 2012-04-04 Pratik Solanki <psolanki@apple.com>
6633 Merged Open Source WebKit r113113.
6635 2012-04-03 Filip Pizlo <fpizlo@apple.com>
6637 Offlineasm ARM backend uses the wrong mnemonic for multiply
6638 https://bugs.webkit.org/show_bug.cgi?id=83098
6639 <rdar://problem/11168744>
6641 Reviewed by Gavin Barraclough.
6643 Use "mul" instead of "muls" since we're passing three operands, not two.
6645 * offlineasm/armv7.rb:
6647 2012-04-04 Pratik Solanki <psolanki@apple.com>
6649 Merge Open Source WebKit r112285.
6651 2012-03-27 Pratik Solanki <psolanki@apple.com>
6653 Compiler warning when JIT is not enabled
6654 https://bugs.webkit.org/show_bug.cgi?id=82352
6656 Reviewed by Filip Pizlo.
6658 * runtime/JSFunction.cpp:
6659 (JSC::JSFunction::create):
6661 2012-04-04 Pratik Solanki <psolanki@apple.com>
6663 <rdar://problem/11142625> iOS WebKit merge: stabilizing merge branch to ToT r111184
6665 Merge up to OpenSource WebKit r111184.
6667 2012-04-01 David Kilzer <ddkilzer@apple.com>
6669 <rdar://problem/10429650> Remove resources from JavaScriptCore.framework in carrier/customer images
6671 Reviewed by David Carson.
6673 This patch sets SKIP_INSTALL=YES for testRegExp to prevent its
6674 installation. Previously, SKIP_INSTALL was set to NO in the
6675 Xcode project file, overriding the setting in
6676 ToolExecutable.xcconfig and causing testRegExp to be installed.
6678 The remaining changes are simply removing duplicate settings in
6679 the Xcode project file that are already in JSC.xcconfig or
6680 ToolExecutable.xcconfig.
6682 * Configurations/ToolExecutable.xcconfig: Added
6683 CODE_SIGN_ENTITLEMENTS for iphoneos platform.
6684 * JavaScriptCore.xcodeproj/project.pbxproj:
6685 (testRegExp Production_Deployment): Remove INSTALL_PATH_* and
6686 SKIP_INSTALL macros.
6687 (testRegExp Production_Hardware): Remove CODE_SIGN_ENTITLEMENTS,
6688 INSTALL_PATH and SKIP_INSTALL macros.
6689 (minidom Production_Hardware): Remove CODE_SIGN_ENTITLEMENTS.
6690 (jsc Production_Hardware): Remove CODE_SIGN_ENTITLEMENTS,
6691 INSTALL_PATH and SKIP_INSTALL macros.
6692 (minidom Development_Hardware): Remove CODE_SIGN_ENTITLEMENTS.
6693 (testapi Development): Remove INSTALL_PATH_* macros.
6694 (jsc Development): Ditto.
6695 (minidom Deployment_Hardware): Remove CODE_SIGN_ENTITLEMENTS.
6696 (testapi Deployment): Ditto.
6697 (jsc Deployment): Ditto.
6698 (testapi Production_Deployment): Remove INSTALL_PATH_* and
6699 SKIP_INSTALL macros.
6700 (jsc Production_Deployment): Ditto.
6702 2012-03-29 Yongjun Zhang <yongjun_zhang@apple.com>
6704 Merge ToT WebKit r112595.
6706 2012-03-29 Filip Pizlo <fpizlo@apple.com>
6708 Unreviewed build fix for non-x86 platforms.
6710 * dfg/DFGSpeculativeJIT.cpp:
6711 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
6712 * dfg/DFGSpeculativeJIT.h:
6713 (JSC::DFG::SpeculativeJIT::callOperation):
6714 * jit/JITArithmetic32_64.cpp:
6715 (JSC::JIT::emitSlow_op_mod):
6717 2012-03-29 Yongjun Zhang <yongjun_zhang@apple.com>
6719 Merge ToT WebKit r112595.
6721 2012-03-29 Filip Pizlo <fpizlo@apple.com>
6723 Unreviewed build fix for non-x86 platforms.
6725 * dfg/DFGSpeculativeJIT.cpp:
6726 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
6727 * dfg/DFGSpeculativeJIT.h:
6728 (JSC::DFG::SpeculativeJIT::callOperation):
6729 * jit/JITArithmetic32_64.cpp:
6730 (JSC::JIT::emitSlow_op_mod):
6732 2012-03-29 Yongjun Zhang <yongjun_zhang@apple.com>
6734 Merge ToT WebKit r112595.
6736 2012-03-29 Filip Pizlo <fpizlo@apple.com>
6738 Unreviewed build fix for non-x86 platforms.
6740 * dfg/DFGSpeculativeJIT.cpp:
6741 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
6742 * dfg/DFGSpeculativeJIT.h:
6743 (JSC::DFG::SpeculativeJIT::callOperation):
6744 * jit/JITArithmetic32_64.cpp:
6745 (JSC::JIT::emitSlow_op_mod):
6747 2012-03-29 Yongjun Zhang <yongjun_zhang@apple.com>
6749 Merge ToT WebKit r112595.
6751 2012-03-29 Filip Pizlo <fpizlo@apple.com>
6753 Unreviewed build fix for non-x86 platforms.
6755 * dfg/DFGSpeculativeJIT.cpp:
6756 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
6757 * dfg/DFGSpeculativeJIT.h:
6758 (JSC::DFG::SpeculativeJIT::callOperation):
6759 * jit/JITArithmetic32_64.cpp:
6760 (JSC::JIT::emitSlow_op_mod):
6762 2012-03-28 David Kilzer <ddkilzer@apple.com>
6764 minidom configurations should be based on ToolExecutable.xcconfig
6765 <http://webkit.org/b/82513>
6767 Merged ToT WebKit r112496.
6769 * JavaScriptCore.xcodeproj/project.pbxproj:
6770 - Base all iOS configurations for minidom on
6771 ToolExecutable.xcconfig.
6772 - Remove redundant variables in iOS configurations for minidom:
6773 INSTALL_PATH, INSTALL_PATH_ACTUAL, PRODUCT_NAME, SKIP_INSTALL.
6775 2012-03-28 David Kilzer <ddkilzer@apple.com>
6777 minidom configurations should be based on ToolExecutable.xcconfig
6778 <http://webkit.org/b/82513>
6780 Reviewed by Mark Rowe.
6782 Note that this patch changes minidom from being installed in
6783 /usr/local/bin to JavaScriptCore.framework/Resources.
6785 * Configurations/ToolExecutable.xcconfig: Add semi-colon.
6786 * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom
6787 configurations on ToolExecutable.xcconfig. Remove redundant
6788 PRODUCT_NAME and SKIP_INSTALL variables.
6790 2012-03-28 David Kilzer <ddkilzer@apple.com>
6792 Make Debug/Release/Production configurations work with iOS JavaScriptCore
6794 Reviewed by Joseph Pecoraro.
6796 Part of: <rdar://problem/10568199> WebKit: Switch to Debug/Release/Production configurations for iphoneos and iphonesimulator builds
6798 This change makes Debug, Release and Production configurations
6799 work when building from Xcode and ~rc/bin/buildit and targeting
6800 an iOS SDK. The Development, Deployment, Production_Deployment
6801 configurations and the Development_Hardware, Deployment_Hardware
6802 and Production_Hardware configurations still work, but will be
6803 removed once B&I switches over to Production targets and once
6804 build-webkit is updated to use Debug and Release for local iOS
6807 The only real change in B&I builds is that testRegExp is no
6808 longer installed when building for the iphoneos platform, which
6809 matches OS X builds.
6811 * Configurations/Base.xcconfig:
6812 - Include iOS.xcconfig.
6813 - Fix VALID_ARCHS for each platform.
6814 - Define INSTALL_PATH for OS X builds just like it's defined in
6815 AspenFamily.xcconfig. This makes it possible to define the
6816 install path only once for both iOS and OS X, and makes the
6817 definition of INSTALL_PATH* variables much simpler in other
6819 * Configurations/Indigo.xcconfig: Removed. This isn't needed
6820 anymore since AspenFamily.xcconfig is included in
6821 Base.xcconfig via iOS.xcconfig.
6822 * Configurations/JSC.xcconfig: Rename INSTALL_PATH to
6823 INSTALL_PATH_ACTUAL. Use .../Resources instead of
6824 .../Versions/A/Resources since the former works on both iOS
6825 and OS X. ToolExecutable.xcconfig already does this.
6826 * Configurations/JavaScriptCore.xcconfig: Simplify the
6827 INSTALL_PATH mess. (This is what can happen if INSTALL_PATH
6828 is not defined in Base.xcconfig.)
6829 * Configurations/ToolExecutable.xcconfig: Rename INSTALL_PATH to
6830 INSTALL_PATH_ACTUAL.
6831 * Configurations/iOS.xcconfig: Use this xcconfig file to obscure
6832 the path to and name of AspenFamily.xcconfig. Normally it
6833 would have been removed just like Indigo.xcconfig, but we want
6835 * JavaScriptCore.xcodeproj/project.pbxproj:
6836 - Remove references to IndigoSDK.xcconfig and AspenSDK.xcconfig.
6837 These are AppleInternal files that are not part of the
6838 project. They were originally added for convenience.
6839 - Remove Indigo.xcconfig since it was deleted.
6840 - Update the base xcconfig files for targets in the legacy iOS
6841 configurations. The iOS configurations now match their Debug,
6842 Release, and Production counterparts.
6844 2012-03-28 David Kilzer <ddkilzer@apple.com>
6846 Let Xcode 4.5 update the JavaScriptCore project file
6848 Reviewed by Pratik Solanki.
6850 * JavaScriptCore.xcodeproj/project.pbxproj:
6851 - Remove references to non-existent AllocationSpace.{h|cpp}
6853 - Re-sort Development configuration for JSCLLIntOffsetsExtractor
6855 - Fix the configuration names in the "LLInt Offsets" target.
6857 2012-03-27 David Kilzer <ddkilzer@apple.com>
6859 Fix path setting for ios folder
6861 Rubber-stamped by Anders Carlsson.
6863 * JavaScriptCore.xcodeproj/project.pbxproj:
6865 2012-03-27 David Kilzer <ddkilzer@apple.com>
6867 Remove duplicate copy of CommonSlowPaths.h
6869 Reviewed by Joseph Pecoraro.
6871 * JavaScriptCore.xcodeproj/project.pbxproj:
6873 2012-03-27 Matt Lilek <mrl@apple.com>
6875 <rdar://problem/11124194> JavaScriptCore-1049 fails to build with clang-421.1.5 due to -fno-var-tracking flag
6877 Merge OpenSource r112313.
6879 2012-03-27 Matt Lilek <mrl@apple.com>
6881 Stop compiling Interpreter.cpp with -fno-var-tracking
6882 https://bugs.webkit.org/show_bug.cgi?id=82299
6884 Reviewed by Anders Carlsson.
6886 * JavaScriptCore.xcodeproj/project.pbxproj:
6888 2012-03-23 Alexey Proskuryakov <ap@apple.com>
6890 <rdar://problem/8268351> Enable BLOB
6892 Merge OpenSource r111931.
6894 2012-03-23 Alexey Proskuryakov <ap@apple.com>
6896 [Mac] No need for platform-specific ENABLE_BLOB values
6897 https://bugs.webkit.org/show_bug.cgi?id=82102
6899 Reviewed by David Kilzer.
6901 * Configurations/FeatureDefines.xcconfig:
6903 2012-03-21 Filip Pizlo <fpizlo@apple.com>
6905 GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
6906 the process of being generated
6907 https://bugs.webkit.org/show_bug.cgi?id=81565
6908 <rdar://problem/10987024>
6910 Reviewed by Oliver Hunt.
6912 Merge OpenSource r111264.
6914 * bytecode/CodeBlock.cpp:
6915 (JSC::CodeBlock::finalizeUnconditionally):
6917 2012-03-20 Oliver Hunt <oliver@apple.com>
6919 <rdar://problem/11083923> Having LLINT enabled without JIT entitlements results in crashes
6921 Merge OpenSource r111431
6923 2012-03-20 Oliver Hunt <oliver@apple.com>
6925 Allow LLINT to work even when executable allocation fails.
6926 https://bugs.webkit.org/show_bug.cgi?id=81693
6928 Reviewed by Gavin Barraclough.
6930 Don't crash if executable allocation fails if we can fall back on LLINT
6932 * jit/ExecutableAllocatorFixedVMPool.cpp:
6933 (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
6934 * wtf/OSAllocatorPosix.cpp:
6935 (WTF::OSAllocator::reserveAndCommit):
6937 2012-03-19 Oliver Hunt <oliver@apple.com>
6939 <rdar://problem/11077141> iOS WebKit merge: stabilizing merge branch to ToT r110032
6941 Merge up to OpenSource WebKit r110032.
6943 Also needed to pull in ARMv7 fix from r110751 to ensure we have a working JIT.
6945 2012-03-16 Matt Lilek <mrl@apple.com>
6947 <rdar://problem/11013563> WeatherApp fails to build in xcodebuild due to warnings about ENABLE_INSPECTOR being redefined
6949 ENABLE_INSPECTOR is already defined above and since we don't need to worry about armv6 anymore, we can use the logic
6950 above to handle ENABLE_PURGEABLE_MEMORY.
6952 Reviewed by Paul Knight and Joseph Pecoraro.
6956 2012-03-16 Matt Lilek <mrl@apple.com>
6958 <rdar://problem/11055309> JavaScriptCore-1044 fails to build with clang-421.1.4: pre-UAL syntax in inline assembly
6960 Reviewed by Geoff Garen.
6962 * dfg/DFGOperations.cpp:
6965 2012-03-08 Matt Lilek <mrl@apple.com>
6967 <rdar://problem/10821239> ENABLE_VIDEO_TRACK should not be defined for iOS
6969 Merge OpenSource r110212.
6971 2012-03-08 Matt Lilek <mrl@apple.com>
6973 Don't enable VIDEO_TRACK on all OS X platforms
6974 https://bugs.webkit.org/show_bug.cgi?id=80635
6976 Reviewed by Eric Carlson.
6978 * Configurations/FeatureDefines.xcconfig:
6980 2012-03-04 David Kilzer <ddkilzer@apple.com>
6982 Fix build when the classic interpreter is enabled
6984 Merged ToT WebKit r109678.
6986 2012-03-04 David Kilzer <ddkilzer@apple.com>
6988 Fix build when the classic interpreter is enabled
6990 Reviewed by Gavin Barraclough.
6992 Fixes the following build error when running the "Generate
6993 Derived Sources" build phase script:
6995 offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
6996 ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
6997 from JavaScriptCore/offlineasm/asm.rb:131
6998 Command /bin/sh failed with exit code 1
7000 Gavin's fix in r109674 avoided the #error statement in
7001 JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
7002 caused the "Generate Derived Sources" build phase script to fail
7003 when JavaScriptCore/offlineasm/asm.rb was run. The solution is
7004 to detect when the classic interpreter is being built and simply
7005 exit early from asm.rb in that case.
7007 * llint/LLIntOffsetsExtractor.cpp:
7008 (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
7009 JIT is disabled. Note that offsets.rb doesn't care about the
7010 return value here, but instead it cares about finding the magic
7011 values in the binary. The magic values are no longer present
7012 when the JIT is disabled.
7013 * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
7014 early with a status message.
7015 * offlineasm/offsets.rb:
7016 (MissingMagicValuesException): Add new exception class.
7017 (offsetsAndConfigurationIndex): Throw
7018 MissingMagicValuesException when no magic values are found.
7020 2012-03-04 Gavin Barraclough <barraclough@apple.com>
7022 Merge ToT r109674 - this fixes the Innsbruck build.
7024 2012-03-04 Gavin Barraclough <barraclough@apple.com>
7026 Unreviewed build fix.
7029 - Move ENABLE(JIT) to head of file.
7031 2012-03-02 Filip Pizlo <fpizlo@apple.com>
7033 Cherry-pick merge of r109519 and r109522. <rdar://problem/10974632>
7035 2012-03-02 Filip Pizlo <fpizlo@apple.com>
7037 Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
7039 * bytecode/CodeBlock.cpp:
7040 (JSC::CodeBlock::visitAggregate):
7042 2012-03-01 Filip Pizlo <fpizlo@apple.com>
7044 DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
7045 virtue of being in the transitive closure
7046 https://bugs.webkit.org/show_bug.cgi?id=80098
7048 Reviewed by Anders Carlsson.
7050 If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
7051 then you might have the visitAggregate() method called concurrently by multiple threads.
7052 This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
7053 racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
7054 due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
7056 It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
7057 not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
7058 any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
7059 Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
7060 don't lead to two threads racing over each other as they clobber state. This patch
7061 achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
7062 trivially linearizable) will get to trace the CodeBlock; all other threads give up and
7065 Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
7066 times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
7067 even when it's gotten sufficient counts. But that takes a while - sometimes up to a
7068 minute to get a crash. I have no other reliable repro case.
7070 * bytecode/CodeBlock.cpp:
7071 (JSC::CodeBlock::visitAggregate):
7072 * bytecode/CodeBlock.h:
7074 * heap/DFGCodeBlocks.cpp:
7075 (JSC::DFGCodeBlocks::clearMarks):
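The CAS claim described in the entry above, as an added example that is not JavaScriptCore's own code: a block reachable from two GC roots (its owner Executable and the DFGCodeBlocks set) may have visitAggregate() called twice, possibly concurrently, and only the caller that wins the compare-and-swap does the tracing; the flag is reset when marks are cleared at the start of the next cycle. The CodeBlock type, its members and traceFromTwoRoots() are stand-ins chosen for the example, and the two roots are simulated by two sequential calls.

```cpp
// Added example (not JavaScriptCore code): a CAS-guarded "claim" so that a
// block reached from two roots is traced by exactly one caller per GC cycle.
#include <atomic>
#include <cstdio>

// Hypothetical stand-in for JSC::CodeBlock; names and members are assumptions.
struct CodeBlock {
    std::atomic<bool> traced{false};  // cleared at the start of each GC cycle
    int timesTraced = 0;              // only ever touched by the CAS winner

    // Returns true if this call won the race and performed the tracing work.
    bool visitAggregate() {
        bool expected = false;
        // Exactly one caller flips false -> true. Every other concurrent or
        // repeated caller sees true, loses the CAS and returns without touching
        // any state, so there is no second writer racing over profile buckets.
        if (!traced.compare_exchange_strong(expected, true, std::memory_order_acq_rel))
            return false;
        // ... trace children, update value profiles, etc. (done once per cycle)
        ++timesTraced;
        return true;
    }

    // Equivalent of DFGCodeBlocks::clearMarks(): make the block claimable again.
    void clearMarks() { traced.store(false, std::memory_order_release); }
};

// Simulates one GC cycle in which the same block is reachable from two roots.
// Returns how many of the two visitAggregate() calls actually traced.
int traceFromTwoRoots(CodeBlock& block) {
    block.clearMarks();
    int winners = 0;
    if (block.visitAggregate()) ++winners;  // e.g. reached via owner Executable
    if (block.visitAggregate()) ++winners;  // e.g. reached via DFGCodeBlocks
    return winners;
}

// Runs two cycles over a fresh block and returns the total number of
// successful claims; -1 if the block was traced other than once per cycle.
int claimsOverTwoCycles() {
    CodeBlock block;
    int total = traceFromTwoRoots(block) + traceFromTwoRoots(block);
    return block.timesTraced == 2 ? total : -1;
}

int main() {
    CodeBlock block;
    std::printf("cycle 1: %d winner(s)\n", traceFromTwoRoots(block));
    std::printf("cycle 2: %d winner(s)\n", traceFromTwoRoots(block));
    return 0;
}
```

The same claim works unchanged when the two calls come from different threads: compare_exchange_strong is linearizable, so whichever thread wins owns the block for that cycle and the loser does nothing. A plain bool check-then-set would not give this guarantee.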
7077 2012-03-01 Filip Pizlo <fpizlo@apple.com>
7079 Fix the build of universal binary with ARMv7s of JavaScriptCore
7081 * llint/LLIntOfflineAsmConfig.h:
7082 * llint/LowLevelInterpreter.asm:
7084 2012-02-29 Benjamin Poulain <bpoulain@apple.com>
7086 Stabilization: fix the debug/development build
7088 Reviewed by David Kilzer.
7090 On iOS, there is an extra assertion for pthread_main_np(). This was failing in
7091 Debug due to the function being undefined.
7093 * wtf/text/StringStatics.cpp:
7095 2012-03-01 Benjamin Poulain <bpoulain@apple.com>
7097 <rdar://problem/10922144> iOS WebKit merge: stabilizing merge branch to ToT r108448 or later (to pick up LLInt)
7099 Integrate the merge branch of Matt up to OpenSource WebKit r109201.
7101 2012-02-28 Benjamin Poulain <bpoulain@apple.com>
7103 <rdar://problem/8976264> MobileSafari should switch to client-based geolocation
7105 Reviewed by David Kilzer.
7107 * Configurations/FeatureDefines.xcconfig: Enable Client Based Geolocation.
7109 2012-02-28 Dean Jackson <dino@apple.com>
7111 <rdar://problem/10042073> Make CSS filters work on iOS
7113 Reviewed by Joseph Pecoraro.
7115 Turn ENABLE_CSS_FILTERS on for iOS.
7117 * Configurations/FeatureDefines.xcconfig:
7119 2012-02-27 Tim Horton <timothy_horton@apple.com>
7121 <rdar://problem/6136646> iOS: Enable SVG filters
7123 Reviewed by Dean Jackson.
7127 * Configurations/FeatureDefines.xcconfig:
7130 2012-02-24 Chris Marrin <cmarrin@apple.com>
7132 Make requestAnimationFrame work on iOS (change CVDisplayLink to CADisplayLink)
7133 <rdar://problem/10406593>
7135 Turn on requestAnimationFrame flags for iOS
7137 Reviewed by Dean Jackson.
7141 2012-02-23 Pratik Solanki <psolanki@apple.com>
7143 <rdar://problem/10922577> Define WTF_USE_COREMEDIA on Sundance only
7145 Reviewed by Simon Fraser.
7147 This allows us to build and run ToT WebKit on Hoodoo. USE(COREMEDIA) code requires header
7148 files that are not present on Hoodoo.
7152 2012-02-23 Benjamin Poulain <bpoulain@apple.com>
7154 Remove JavaScriptCore.exp
7156 Reviewed by Joseph Pecoraro.
7158 For some reason, the file was not deleted in the merge branch. It was supposed
7159 to disappear following https://bugs.webkit.org/show_bug.cgi?id=72854
7161 * JavaScriptCore.exp: Removed.
7163 2012-02-22 Benjamin Poulain <bpoulain@apple.com>
7165 Merge Open Source WebKit r108432.
7167 2012-02-21 Oliver Hunt <oliver@apple.com>
7169 Unbreak double-typed arrays on ARMv7
7170 https://bugs.webkit.org/show_bug.cgi?id=79177
7172 Reviewed by Gavin Barraclough.
7174 The existing code had completely broken address arithmetic.
7176 * JSCTypedArrayStubs.h:
7178 * assembler/MacroAssemblerARMv7.h:
7179 (JSC::MacroAssemblerARMv7::storeDouble):
7180 (JSC::MacroAssemblerARMv7::storeFloat):
7182 2012-02-15 Jer Noble <jer.noble@apple.com>
7184 <rdar://problem/10326923> Support HTML5 media synchronization through AVFoundation
7186 Merged ToT revisions 106978, 106996
7188 2012-02-06 Jer Noble <jer.noble@apple.com>
7190 Use CMClock as a timing source for PlatformClock where available.
7192 https://bugs.webkit.org/show_bug.cgi?id=77885
7194 Reviewed by Eric Carlson.
7196 * wtf/Platform.h: Added WTF_USE_COREMEDIA.
7198 2012-02-14 Michael Saboff <msaboff@apple.com>
7200 Merged TOT revision 107400
7202 2012-02-10 Michael Saboff <msaboff@apple.com>
7204 Yarr assert with regexp where alternative in *-quantified group matches empty
7205 https://bugs.webkit.org/show_bug.cgi?id=67752
7207 Reviewed by Gavin Barraclough.
7209 Added backtracking for the prior alternative if it matched
7210 but didn't consume any input characters.
7214 (JSC::Yarr::YarrGenerator::generate): Emit conditional jump
7215 when an alternative matches and no input was consumed. Moved the
7216 zero length match check for a set of alternatives to the alternative
7217 code from the parentheses cases to the alternative end cases.
7218 Converted the existing zero length checks in the parentheses cases
7219 to runtime assertion checks.
7220 (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack
7223 2012-02-14 Oliver Hunt <oliver@apple.com>
7225 <rdar://problem/10861737> Unexpected syntax error
7229 2012-01-30 Oliver Hunt <oliver@apple.com>
7231 Unexpected syntax error
7232 https://bugs.webkit.org/show_bug.cgi?id=77340
7234 Reviewed by Gavin Barraclough.
7236 Function calls and new expressions have the same semantics for
7237 assignment, so should simply share their lhs handling.
7239 * parser/Parser.cpp:
7240 (JSC::::parseMemberExpression):
7242 2012-02-14 Oliver Hunt <oliver@apple.com>
7244 <rdar://problem/10861648> Make DFG update topCallFrame
7248 2012-01-24 Oliver Hunt <oliver@apple.com>
7250 Make DFG update topCallFrame
7251 https://bugs.webkit.org/show_bug.cgi?id=76969
7253 Reviewed by Filip Pizlo.
7255 Add NativeCallFrameTracer to manage topCallFrame assignment
7256 in the DFG operations, and make use of it.
7258 * dfg/DFGOperations.cpp:
7259 (JSC::DFG::operationPutByValInternal):
7261 * interpreter/Interpreter.h:
7263 (NativeCallFrameTracer):
7264 (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
7266 2012-02-14 Oliver Hunt <oliver@apple.com>
7268 <rdar://problem/10861562> GetByteArrayLength is incorrect
7272 2012-01-06 Oliver Hunt <oliver@apple.com>
7274 GetByteArrayLength is incorrect
7275 https://bugs.webkit.org/show_bug.cgi?id=75735
7277 Reviewed by Filip Pizlo.
7279 Load the byte array length from the correct location.
7280 This stops an existing test from hanging.
7282 * dfg/DFGSpeculativeJIT32_64.cpp:
7283 (JSC::DFG::SpeculativeJIT::compile):
7284 * dfg/DFGSpeculativeJIT64.cpp:
7285 (JSC::DFG::SpeculativeJIT::compile):
7287 2012-02-13 Pratik Solanki <psolanki@apple.com>
7289 <rdar://problem/10853544> Get ToT WebKit to compile on Hoodoo
7291 Reviewed by Scott Grant.
7295 2012-02-13 Gavin Barraclough <barraclough@apple.com>
7297 Merged TOT revisions 106512, 106748, 106783, 106999
7299 2012-02-07 Gavin Barraclough <barraclough@apple.com>
7301 Crash on http://www.rickshawbags.com/
7302 https://bugs.webkit.org/show_bug.cgi?id=78045
7304 Reviewed by Darin Adler.
7306 Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
7308 This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933,
7309 isVariableObject() checks were excluding StaticScopeObjects, this patch
7310 inadvertently changed them to be included.
7313 - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
7314 and thus is excluded from isVariableObject() checks.
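The failure mode in the entry above is a type predicate written as an ordered-enum range check, which silently changes meaning when a value is inserted on the wrong side of the boundary. The following is an added example, not JavaScriptCore's JSType or JSObject code: the enum is a hypothetical subset with assumed values, isVariableObject() models the ">= VariableObjectType" style of check, and the static_asserts and the explicit-case predicate are the hardening a reviewer would ask for.

```cpp
// Added example (not JavaScriptCore code): an ordered-enum range predicate,
// the static_asserts that pin its boundary, and an order-independent variant.
#include <cstdint>

// Hypothetical subset of a JSType-style enum; the concrete values are assumptions.
enum JSType : uint8_t {
    ObjectType,
    StaticScopeObjectType,  // must sort before VariableObjectType (bug 78045)
    VariableObjectType,     // first of the "variable object" run
    ActivationObjectType,
    GlobalObjectType,
    NumberOfJSTypes
};

// Range-style predicate: everything at or after VariableObjectType counts.
// Moving StaticScopeObjectType below this line would change the answer for
// every static scope object without a single compile error.
constexpr bool isVariableObject(JSType type) {
    return type >= VariableObjectType;
}

// Turn that silent behaviour change into a build failure.
static_assert(StaticScopeObjectType < VariableObjectType,
              "StaticScopeObjectType must not satisfy isVariableObject()");
static_assert(isVariableObject(ActivationObjectType) && isVariableObject(GlobalObjectType),
              "all variable-object types must sort after VariableObjectType");

// Order-independent alternative: an explicit case list. Adding or reordering
// a type never changes the answer for the existing ones.
inline bool isVariableObjectExplicit(JSType type) {
    switch (type) {
    case VariableObjectType:
    case ActivationObjectType:
    case GlobalObjectType:
        return true;
    default:
        return false;
    }
}

// Returns true if both predicates agree for every enumerator; a cheap check
// to keep in a unit test so a reorder that breaks the range form is caught.
bool predicatesAgree() {
    for (unsigned i = 0; i < NumberOfJSTypes; ++i) {
        JSType type = static_cast<JSType>(i);
        if (isVariableObject(type) != isVariableObjectExplicit(type))
            return false;
    }
    return true;
}
```

The range form is what makes the enum order load-bearing; if it is kept for speed, the static_asserts document and enforce the invariant the fix relies on.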
7316 2012-02-05 Gavin Barraclough <barraclough@apple.com>
7318 Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter
7319 https://bugs.webkit.org/show_bug.cgi?id=77451
7321 Reviewed by Sam Weinig.
7323 These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor.
7324 Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor.
7326 * JavaScriptCore.exp:
7327 * debugger/DebuggerActivation.cpp:
7328 (JSC::DebuggerActivation::defineOwnProperty):
7329 * debugger/DebuggerActivation.h:
7330 (DebuggerActivation):
7331 * runtime/ClassInfo.h:
7334 * runtime/JSBoundFunction.cpp:
7335 (JSC::JSBoundFunction::finishCreation):
7336 * runtime/JSCell.cpp:
7340 * runtime/JSFunction.cpp:
7341 (JSC::JSFunction::getOwnPropertySlot):
7342 (JSC::JSFunction::getOwnPropertyDescriptor):
7343 * runtime/JSGlobalObject.cpp:
7344 (JSC::JSGlobalObject::defineOwnProperty):
7346 * runtime/JSGlobalObject.h:
7348 * runtime/JSObject.cpp:
7350 * runtime/JSObject.h:
7352 * runtime/ObjectPrototype.cpp:
7353 (JSC::objectProtoFuncDefineGetter):
7354 (JSC::objectProtoFuncDefineSetter):
7355 (JSC::objectProtoFuncLookupGetter):
7356 (JSC::objectProtoFuncLookupSetter):
7358 2012-02-04 Gavin Barraclough <barraclough@apple.com>
7360 Rubber stamped by Sam Weinig.
7362 * yarr/YarrPattern.cpp:
7363 (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
7366 2012-02-01 Gavin Barraclough <barraclough@apple.com>
7368 calling function on catch block scope containing an eval result in wrong this value being passed
7369 https://bugs.webkit.org/show_bug.cgi?id=77581
7371 Reviewed by Oliver Hunt.
7373 javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }
7375 * bytecompiler/NodesCodegen.cpp:
7376 (JSC::TryNode::emitBytecode):
7377 * interpreter/Interpreter.cpp:
7378 (JSC::Interpreter::execute):
7379 * parser/ASTBuilder.h:
7380 (JSC::ASTBuilder::createTryStatement):
7381 * parser/NodeConstructors.h:
7382 (JSC::TryNode::TryNode):
7385 * parser/Parser.cpp:
7386 (JSC::::parseTryStatement):
7387 * parser/SyntaxChecker.h:
7388 (JSC::SyntaxChecker::createTryStatement):
7389 * runtime/JSObject.h:
7391 (JSC::JSObject::isStaticScopeObject):
7394 2012-02-11 Filip Pizlo <fpizlo@apple.com>
7396 Merged WebKit ToT r107492.
7398 2012-02-11 Filip Pizlo <fpizlo@apple.com>
7400 [DFG] Misuse of WeakJSConstants in silentFillGPR code.
7401 https://bugs.webkit.org/show_bug.cgi?id=78423
7402 <rdar://problem/10849353> <rdar://problem/10804043>
7404 Reviewed by Sam Weinig.
7406 The code was using Node::isConstant(), when it was supposed to use Node::hasConstant().
7407 This patch is a surgical fix; the bigger problem is: why do we have isConstant() and
7408 hasConstant() when hasConstant() is correct and isConstant() is almost always wrong?
7410 * dfg/DFGSpeculativeJIT.h:
7411 (JSC::DFG::SpeculativeJIT::silentFillGPR):
7413 2012-02-10 Mark Hahnenberg <mhahnenberg@apple.com>
7415 Merging WebKit ToT r106676 r106677
7417 2012-02-03 Mark Hahnenberg <mhahnenberg@apple.com>
7419 Refactor MarkedBlock::SizeClass into a separate class
7420 https://bugs.webkit.org/show_bug.cgi?id=77600
7422 Reviewed by Geoffrey Garen.
7424 We pulled SizeClass out into its own class, named MarkedAllocator, and gave it
7425 the responsibility of allocating objects from the collection of MarkedBlocks
7426 that it manages. Also limited the amount of coupling to internal data fields
7427 from other places, although it's mostly unavoidable in the JIT code.
7429 Eventually MarkedAllocator will implement various policies to do with object
7430 management, e.g. whether or not to run destructors on objects that it manages.
7431 MarkedSpace will manage a collection of MarkedAllocators with varying policies,
7432 as it does now but to a larger extent.
7435 * GNUmakefile.list.am:
7436 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
7437 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
7438 * JavaScriptCore.xcodeproj/project.pbxproj:
7440 * dfg/DFGSpeculativeJIT.h:
7441 (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
7443 (JSC::Heap::collect):
7444 (JSC::Heap::resetAllocators):
7446 (JSC::Heap::allocatorForObject):
7448 * heap/MarkedAllocator.cpp: Added.
7450 (JSC::MarkedAllocator::tryAllocateHelper):
7451 (JSC::MarkedAllocator::tryAllocate):
7452 (JSC::MarkedAllocator::allocateSlowCase):
7453 (JSC::MarkedAllocator::allocateBlock):
7454 (JSC::MarkedAllocator::addBlock):
7455 (JSC::MarkedAllocator::removeBlock):
7456 * heap/MarkedAllocator.h: Added.
7460 (JSC::MarkedAllocator::cellSize):
7461 (JSC::MarkedAllocator::heap):
7462 (JSC::MarkedAllocator::setHeap):
7463 (JSC::MarkedAllocator::setCellSize):
7464 (JSC::MarkedAllocator::setMarkedSpace):
7465 (JSC::MarkedAllocator::MarkedAllocator):
7466 (JSC::MarkedAllocator::allocate):
7467 (JSC::MarkedAllocator::reset):
7468 (JSC::MarkedAllocator::zapFreeList):
7469 (JSC::MarkedAllocator::forEachBlock):
7470 * heap/MarkedSpace.cpp:
7471 (JSC::MarkedSpace::MarkedSpace):
7472 (JSC::MarkedSpace::resetAllocators):
7473 (JSC::MarkedSpace::canonicalizeCellLivenessData):
7474 (JSC::TakeIfUnmarked::operator()):
7475 * heap/MarkedSpace.h:
7477 (JSC::MarkedSpace::allocatorFor):
7478 (JSC::MarkedSpace::allocate):
7479 (JSC::MarkedSpace::forEachBlock):
7480 (JSC::MarkedSpace::didAddBlock):
7481 (JSC::MarkedSpace::didConsumeFreeList):
7482 * jit/JITInlineMethods.h:
7483 (JSC::JIT::emitAllocateBasicJSObject):
7485 2012-02-03 Mark Hahnenberg <mhahnenberg@apple.com>
7489 Unreviewed build fix
7491 Forgot to add a couple files.
7493 * heap/MarkedAllocator.cpp: Added.
7495 (JSC::MarkedAllocator::tryAllocateHelper):
7496 (JSC::MarkedAllocator::tryAllocate):
7497 (JSC::MarkedAllocator::allocateSlowCase):
7498 (JSC::MarkedAllocator::allocateBlock):
7499 (JSC::MarkedAllocator::addBlock):
7500 (JSC::MarkedAllocator::removeBlock):
7501 * heap/MarkedAllocator.h: Added.
7505 (JSC::MarkedAllocator::cellSize):
7506 (JSC::MarkedAllocator::heap):
7507 (JSC::MarkedAllocator::setHeap):
7508 (JSC::MarkedAllocator::setCellSize):
7509 (JSC::MarkedAllocator::setMarkedSpace):
7510 (JSC::MarkedAllocator::MarkedAllocator):
7511 (JSC::MarkedAllocator::allocate):
7512 (JSC::MarkedAllocator::reset):
7513 (JSC::MarkedAllocator::zapFreeList):
7514 (JSC::MarkedAllocator::forEachBlock):
7517 2012-02-06 Mark Hahnenberg <mhahnenberg@apple.com>
7519 Merged ToT WebKit r106078
7521 2012-01-26 Mark Hahnenberg <mhahnenberg@apple.com>
7523 Merge AllocationSpace into MarkedSpace
7524 https://bugs.webkit.org/show_bug.cgi?id=77116
7526 Reviewed by NOBODY (OOPS!).
7528 Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to
7529 MarkedSpace allocation.
7532 * GNUmakefile.list.am:
7533 * JavaScriptCore.exp:
7534 * JavaScriptCore.gypi:
7535 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
7536 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
7537 * JavaScriptCore.xcodeproj/project.pbxproj:
7539 * heap/AllocationSpace.cpp: Removed.
7540 * heap/AllocationSpace.h: Removed.
7544 (JSC::Heap::objectSpace):
7549 * heap/MarkedSpace.cpp:
7550 (JSC::MarkedSpace::tryAllocateHelper):
7552 (JSC::MarkedSpace::tryAllocate):
7553 (JSC::MarkedSpace::allocateSlowCase):
7554 (JSC::MarkedSpace::allocateBlock):
7555 (JSC::MarkedSpace::freeBlocks):
7557 (JSC::TakeIfUnmarked::TakeIfUnmarked):
7558 (JSC::TakeIfUnmarked::operator()):
7559 (JSC::TakeIfUnmarked::returnValue):
7560 (JSC::MarkedSpace::shrink):
7562 (JSC::GatherDirtyCells::returnValue):
7563 (JSC::GatherDirtyCells::GatherDirtyCells):
7564 (JSC::GatherDirtyCells::operator()):
7565 (JSC::MarkedSpace::gatherDirtyCells):
7566 * heap/MarkedSpace.h:
7568 (JSC::MarkedSpace::blocks):
7569 (JSC::MarkedSpace::forEachCell):
7571 (JSC::MarkedSpace::allocate):
7573 2012-02-06 Mark Hahnenberg <mhahnenberg@apple.com>
7577 2012-01-23 Mark Hahnenberg <mhahnenberg@apple.com>
7579 Remove StackBounds from JSGlobalData
7580 https://bugs.webkit.org/show_bug.cgi?id=76310
7582 Reviewed by Sam Weinig.
7584 Removed StackBounds and the stack() function from JSGlobalData since it no
7585 longer accessed any members of JSGlobalData.
7587 * bytecompiler/BytecodeGenerator.cpp:
7588 (JSC::BytecodeGenerator::BytecodeGenerator):
7589 * heap/MachineStackMarker.cpp:
7590 (JSC::MachineThreads::addCurrentThread):
7591 (JSC::MachineThreads::gatherFromCurrentThread):
7592 * parser/Parser.cpp:
7594 * runtime/JSGlobalData.cpp:
7595 (JSC::JSGlobalData::JSGlobalData):
7596 * runtime/JSGlobalData.h:
7598 2012-02-02 Michael Saboff <msaboff@apple.com>
7600 Merged TOT revision 106521
7602 2012-02-01 Michael Saboff <msaboff@apple.com>
7604 Yarr crash with regexp replace
7605 https://bugs.webkit.org/show_bug.cgi?id=67454
7607 Reviewed by Gavin Barraclough.
7609 Properly handle the case of a back reference to an unmatched
7610 subpattern by always matching without consuming any characters.
7612 * yarr/YarrInterpreter.cpp:
7613 (JSC::Yarr::Interpreter::matchBackReference):
7614 (JSC::Yarr::Interpreter::backtrackBackReference):
7616 2012-02-01 Michael Saboff <msaboff@apple.com>
7618 Merged TOT revision 106417
7620 2012-01-31 Michael Saboff <msaboff@apple.com>
7622 StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
7623 https://bugs.webkit.org/show_bug.cgi?id=76647
7625 Reviewed by Darin Adler.
7627 Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manner similar
7628 to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle two special
7629 cases. One case is s-sharp (0xdf) which converts to "SS". The other case is
7630 for characters which become 16 bit values when converted to upper case. For
7631 those, we up-convert the source string and use the 16 bit path.
7633 * runtime/StringPrototype.cpp:
7634 (JSC::stringProtoFuncToUpperCase):
7635 * wtf/text/StringImpl.cpp:
7636 (WTF::StringImpl::upper):
7637 * wtf/unicode/CharacterNames.h:
7638 (smallLetterSharpS): New constant
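Added example, not JavaScriptCore's StringImpl::upper(): a Latin-1 (8-bit) upper-casing fast path with the two fallbacks the entry above describes, sharp s (U+00DF) expanding to two code units, and characters whose upper-case form lies outside Latin-1 forcing an up-conversion to the 16-bit path. The function names, the special-case set (assumed from Unicode case data to be exactly U+00DF, U+00B5 and U+00FF within 0x00..0xFF) and the inputs in main() are this example's own.

```cpp
#include <cstdio>
#include <string>

// Latin-1 code units whose upper-case form is not a single Latin-1 code unit.
// Assumption (Unicode case data): these three are the only such cases in 0x00..0xFF.
static const unsigned char kSmallLetterSharpS = 0xDF;   // U+00DF -> "SS" (two code units)
static const unsigned char kMicroSign = 0xB5;           // U+00B5 -> U+039C (outside Latin-1)
static const unsigned char kSmallYWithDiaeresis = 0xFF; // U+00FF -> U+0178 (outside Latin-1)

// True when every character upper-cases to exactly one Latin-1 code unit,
// so the result can stay an 8-bit string.
static bool fitsIn8BitUpper(const std::string& s)
{
    for (unsigned char c : s) {
        if (c == kSmallLetterSharpS || c == kMicroSign || c == kSmallYWithDiaeresis)
            return false;
    }
    return true;
}

// Upper-case one Latin-1 code unit that is known to stay within Latin-1.
static unsigned char upperLatin1Unit(unsigned char c)
{
    if (c >= 'a' && c <= 'z')
        return c - 0x20;
    if (c >= 0xE0 && c <= 0xFE && c != 0xF7) // U+00E0..U+00FE except U+00F7 (division sign)
        return c - 0x20;
    return c;
}

// 8-bit path. Precondition: fitsIn8BitUpper(s).
static std::string upper8(const std::string& s)
{
    std::string out(s);
    for (char& ch : out)
        ch = static_cast<char>(upperLatin1Unit(static_cast<unsigned char>(ch)));
    return out;
}

// 16-bit path: the source is up-converted and the special cases are expanded.
static std::u16string upper16FromLatin1(const std::string& s)
{
    std::u16string out;
    out.reserve(s.size() + 1);
    for (unsigned char c : s) {
        switch (c) {
        case kSmallLetterSharpS:
            out.push_back(u'S');
            out.push_back(u'S');
            break;
        case kMicroSign:
            out.push_back(u'\u039C');
            break;
        case kSmallYWithDiaeresis:
            out.push_back(u'\u0178');
            break;
        default:
            out.push_back(static_cast<char16_t>(upperLatin1Unit(c)));
            break;
        }
    }
    return out;
}

// Dispatch mirroring the entry: stay 8-bit when possible, otherwise up-convert.
static std::u16string toUpperLatin1(const std::string& s)
{
    if (fitsIn8BitUpper(s)) {
        std::string u = upper8(s);
        std::u16string out;
        out.reserve(u.size());
        for (unsigned char c : u)
            out.push_back(static_cast<char16_t>(c)); // zero-extend, never sign-extend
        return out;
    }
    return upper16FromLatin1(s);
}

int main()
{
    const std::string inputs[] = { "caf\xE9", "stra\xDF" "e", "\xB5", "\xFF" };
    for (const std::string& in : inputs) {
        std::u16string up = toUpperLatin1(in);
        std::printf("%zu Latin-1 units -> %zu UTF-16 units (8-bit path: %s)\n",
                    in.size(), up.size(), fitsIn8BitUpper(in) ? "yes" : "no");
    }
    return 0;
}
```

The security-relevant point is the length change: a caller that sizes its output buffer from the input length and keeps the 8-bit path would write "SS" into one code unit's worth of space, which is why the dispatch checks the whole string before choosing a path.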
2012-02-01 Mark Hahnenberg <mhahnenberg@apple.com>

    2012-02-01 Mark Hahnenberg <mhahnenberg@apple.com>

            Replace JSArray destructor with finalizer
            https://bugs.webkit.org/show_bug.cgi?id=77488

            Reviewed by Geoffrey Garen.

            * JavaScriptCore.exp:
            * runtime/JSArray.cpp:
            (JSC::JSArray::finalize): Added finalizer.
            (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
            (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
            (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode
            because the old name was confusing because we could have a sparse array that never
            called enterSparseMode.
            (JSC::JSArray::defineOwnNumericProperty):
            (JSC::JSArray::setLengthWritable):
            (JSC::JSArray::putByIndexBeyondVectorLength):
            (JSC::JSArray::setLength):
            (JSC::JSArray::pop):
            (JSC::JSArray::sort):
            (JSC::JSArray::compactForSorting):
            * runtime/JSArray.h:

2012-01-30 Geoffrey Garen <ggaren@apple.com>

        Merged TOT revision 106429.

    2012-01-30 Geoffrey Garen <ggaren@apple.com>

            Stop using -fomit-frame-pointer
            https://bugs.webkit.org/show_bug.cgi?id=77403

            Reviewed by Filip Pizlo.

            JavaScriptCore is too fast. I'm just the man to fix it.

            * Configurations/JavaScriptCore.xcconfig:

2012-01-31 Mark Hahnenberg <mhahnenberg@apple.com>

        Merged ToT WebKit r105816

    2012-01-24 Mark Hahnenberg <mhahnenberg@apple.com>

            Use copying collector for out-of-line JSObject property storage
            https://bugs.webkit.org/show_bug.cgi?id=76665

            Reviewed by Geoffrey Garen.

            * runtime/JSObject.cpp:
            (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
            Also added a temporary variable to avoid warnings from GCC.
            (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
            operator new. Also added a temporary variable to avoid warnings from GCC.
            * runtime/JSObject.h:

2012-01-31 Michael Saboff <msaboff@apple.com>

        Merged TOT revision 106370.

    2012-01-31 Michael Saboff <msaboff@apple.com>

            ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor
            https://bugs.webkit.org/show_bug.cgi?id=77443

            Reviewed by NOBODY (OOPS!).

            Removed failing ASSERT() and thus destructor. The ASSERT isn't needed.
            We are hitting it in the YARR JIT case where we bail out and go to the
            interpreter with a partially JIT'ed function. Since we haven't linked
            the JIT'ed code, there are likely to be some unresolved jumps in the vector
            when the ARMv7Assembler destructor is called. For the case where we
            complete the JIT process, we clear the vector at the end of
            LinkBuffer::linkCode (LinkBuffer.h:292).

            * assembler/ARMv7Assembler.h:
2012-01-31 Mark Hahnenberg <mhahnenberg@apple.com>

        Merged ToT WebKit r105442

    2012-01-19 Mark Hahnenberg <mhahnenberg@apple.com>

            Implement a new allocator for backing stores
            https://bugs.webkit.org/show_bug.cgi?id=75181

            Reviewed by Filip Pizlo.

            We want to move away from using fastMalloc for the backing stores for
            some of our objects (e.g. JSArray, JSObject, JSString, etc). These backing
            stores have a nice property in that they only have a single owner (i.e. a
            single pointer to them at any one time). One way that we can take advantage
            of this property is to implement a simple bump allocator/copying collector,
            which will run alongside our normal mark/sweep collector, that only needs to
            update the single owner pointer rather than having to redirect an arbitrary
            number of pointers in from-space to to-space.

            This plan can give us a number of benefits. We can beat fastMalloc in terms
            of both performance and memory usage, we can track how much memory we're using
            far more accurately than our rough estimation now through the use of
            reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed
            to being limited to size classes like we have been historically). This is also
            another step toward moving away from lazy destruction, which will improve our memory footprint.
            We start by creating said allocator and moving the ArrayStorage for JSArray
            to use it rather than fastMalloc.

            The design of the collector is as follows:

            -The collector allocates 64KB chunks from the OS to use for object allocation.
            -Each chunk contains an offset, a flag indicating if the block has been pinned,
            and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
            -Any allocation greater than 64KB gets its own separate oversize block, which
            is managed separately from the rest.
            -If the allocator receives a request for more than the remaining amount in the
            current block, it grabs a fresh block.
            -Grabbing a fresh block means grabbing one off of the global free list (which is now
            shared between the mark/sweep allocator and the bump allocator) if there is one.
            If there isn't a new one we do one of two things: allocate a new block from the OS
            if we're not ready for a GC yet, or run a GC and then try again. If we still don't
            have enough space after the GC, we allocate a new block from the OS.

            -At the start of garbage collection during conservative stack scanning, if we encounter
            what appears to be a pointer to a bump-allocated block of memory, we pin that block so
            that it will not be copied for this round of collection.
            -We also pin any oversize blocks that we encounter, which effectively doubles as a
            "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying
            are given back to the OS.
            -Marking threads are now also responsible for copying bump-allocated objects to newSpace
            -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters.
            -When that block fills up, the marking thread gives it back to the allocator and requests a new one.
            -When all marking has concluded, each thread gives back its copy block, even if it isn't full.
            -At the conclusion of copying (which is done by the end of the marking phase), we un-pin
            any pinned blocks and give any blocks left in from-space to the global free list.

            * GNUmakefile.list.am:
            * JavaScriptCore.gypi:
            * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
            * JavaScriptCore.vcproj/WTF/WTF.vcproj:
            * JavaScriptCore.xcodeproj/project.pbxproj:
            * heap/AllocationSpace.cpp:
            (JSC::AllocationSpace::allocateSlowCase):
            (JSC::AllocationSpace::allocateBlock):
            (JSC::AllocationSpace::freeBlocks):
            * heap/AllocationSpace.h:
            (JSC::AllocationSpace::waterMark):
            * heap/BumpBlock.h: Added.
            (JSC::BumpBlock::BumpBlock):
            * heap/BumpSpace.cpp: Added.
            (JSC::BumpSpace::tryAllocateSlowCase):
            * heap/BumpSpace.h: Added.
            (JSC::BumpSpace::isInCopyPhase):
            (JSC::BumpSpace::totalMemoryAllocated):
            (JSC::BumpSpace::totalMemoryUtilized):
            * heap/BumpSpaceInlineMethods.h: Added.
            (JSC::BumpSpace::BumpSpace):
            (JSC::BumpSpace::init):
            (JSC::BumpSpace::contains):
            (JSC::BumpSpace::pin):
            (JSC::BumpSpace::startedCopying):
            (JSC::BumpSpace::doneCopying):
            (JSC::BumpSpace::doneFillingBlock):
            (JSC::BumpSpace::recycleBlock):
            (JSC::BumpSpace::getFreshBlock):
            (JSC::BumpSpace::borrowBlock):
            (JSC::BumpSpace::addNewBlock):
            (JSC::BumpSpace::allocateNewBlock):
            (JSC::BumpSpace::fitsInBlock):
            (JSC::BumpSpace::fitsInCurrentBlock):
            (JSC::BumpSpace::tryAllocate):
            (JSC::BumpSpace::tryAllocateOversize):
            (JSC::BumpSpace::allocateFromBlock):
            (JSC::BumpSpace::tryReallocate):
            (JSC::BumpSpace::tryReallocateOversize):
            (JSC::BumpSpace::isOversize):
            (JSC::BumpSpace::isPinned):
            (JSC::BumpSpace::oversizeBlockFor):
            (JSC::BumpSpace::blockFor):
            * heap/ConservativeRoots.cpp:
            (JSC::ConservativeRoots::ConservativeRoots):
            (JSC::ConservativeRoots::genericAddPointer):
            (JSC::ConservativeRoots::add):
            * heap/ConservativeRoots.h:
            (JSC::Heap::blockFreeingThreadMain):
            (JSC::Heap::reportExtraMemoryCostSlowCase):
            (JSC::Heap::getConservativeRegisterRoots):
            (JSC::Heap::markRoots):
            (JSC::Heap::collect):
            (JSC::Heap::releaseFreeBlocks):
            (JSC::Heap::waterMark):
            (JSC::Heap::highWaterMark):
            (JSC::Heap::setHighWaterMark):
            (JSC::Heap::tryAllocateStorage):
            (JSC::Heap::tryReallocateStorage):
            * heap/HeapBlock.h: Added.
            (JSC::HeapBlock::HeapBlock):
            * heap/MarkStack.cpp:
            (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
            (JSC::SlotVisitor::drain):
            (JSC::SlotVisitor::drainFromShared):
            (JSC::SlotVisitor::startCopying):
            (JSC::SlotVisitor::allocateNewSpace):
            (JSC::SlotVisitor::copy):
            (JSC::SlotVisitor::copyAndAppend):
            (JSC::SlotVisitor::doneCopying):
            * heap/MarkedBlock.cpp:
            (JSC::MarkedBlock::recycle):
            (JSC::MarkedBlock::MarkedBlock):
            * heap/MarkedBlock.h:
            * heap/MarkedSpace.cpp:
            (JSC::MarkedSpace::MarkedSpace):
            * heap/MarkedSpace.h:
            (JSC::MarkedSpace::allocate):
            (JSC::MarkedSpace::forEachBlock):
            (JSC::MarkedSpace::SizeClass::resetAllocator):
            * heap/SlotVisitor.h:
            (JSC::SlotVisitor::SlotVisitor):
            * heap/TinyBloomFilter.h:
            (JSC::TinyBloomFilter::reset):
            * runtime/JSArray.cpp:
            (JSC::JSArray::JSArray):
            (JSC::JSArray::finishCreation):
            (JSC::JSArray::tryFinishCreationUninitialized):
            (JSC::JSArray::~JSArray):
            (JSC::JSArray::enterSparseMode):
            (JSC::JSArray::defineOwnNumericProperty):
            (JSC::JSArray::setLengthWritable):
            (JSC::JSArray::getOwnPropertySlotByIndex):
            (JSC::JSArray::getOwnPropertyDescriptor):
            (JSC::JSArray::putByIndexBeyondVectorLength):
            (JSC::JSArray::deletePropertyByIndex):
            (JSC::JSArray::getOwnPropertyNames):
            (JSC::JSArray::increaseVectorLength):
            (JSC::JSArray::unshiftCountSlowCase):
            (JSC::JSArray::setLength):
            (JSC::JSArray::pop):
            (JSC::JSArray::unshiftCount):
            (JSC::JSArray::visitChildren):
            (JSC::JSArray::sortNumeric):
            (JSC::JSArray::sort):
            (JSC::JSArray::compactForSorting):
            (JSC::JSArray::subclassData):
            (JSC::JSArray::setSubclassData):
            (JSC::JSArray::checkConsistency):
            * runtime/JSArray.h:
            (JSC::JSArray::inSparseMode):
            (JSC::JSArray::isLengthWritable):
            * wtf/CheckedBoolean.h: Added.
            (CheckedBoolean::CheckedBoolean):
            (CheckedBoolean::~CheckedBoolean):
            (CheckedBoolean::operator bool):
            * wtf/DoublyLinkedList.h:
            * wtf/StdLibExtras.h:
            (WTF::isPointerAligned):
2012-01-31 Michael Saboff <msaboff@apple.com>

        Merged TOT revisions: 106019, 106020, 106253, 106254, 106257 & 106260.

    2012-01-30 Michael Saboff <msaboff@apple.com>

            CaseFoldingHash::hash() doesn't handle 8 bit strings directly
            https://bugs.webkit.org/show_bug.cgi?id=76652

            Reviewed by Andreas Kling.

            * wtf/text/StringHash.h:
            (WTF::CaseFoldingHash::hash): Added 8 bit string code path.

    2012-01-30 Michael Saboff <msaboff@apple.com>

            stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement
            https://bugs.webkit.org/show_bug.cgi?id=76651

            Reviewed by Geoffrey Garen.

            Made local function substituteBackreferencesSlow a template function
            based on character width. Cleaned up getCharacters() in both UString
            and StringImpl. Changed getCharacters<UChar> to up convert an 8 bit
            string to 16 bits if necessary.

            * runtime/StringPrototype.cpp:
            (JSC::substituteBackreferencesSlow):
            (JSC::substituteBackreferences):
            * runtime/UString.h:
            * wtf/text/StringImpl.h:

    2012-01-30 Michael Saboff <msaboff@apple.com>

            Dromaeo tests call parseSimpleLengthValue() on 8 bit strings
            https://bugs.webkit.org/show_bug.cgi?id=76649

            Reviewed by Geoffrey Garen.

            * JavaScriptCore.exp: Added export for charactersToDouble.

    2012-01-30 Michael Saboff <msaboff@apple.com>

            WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding.
            https://bugs.webkit.org/show_bug.cgi?id=76648

            Reviewed by Geoffrey Garen.

            Added a new overloaded append member that takes a String& argument, an offset
            and a length to do direct sub string appending to a StringBuilder.

            * wtf/text/StringBuilder.h:
            (WTF::StringBuilder::append):

    2012-01-26 Michael Saboff <msaboff@apple.com>

            String::latin1() should take advantage of 8 bit strings
            https://bugs.webkit.org/show_bug.cgi?id=76646

            Reviewed by Geoffrey Garen.

            * wtf/text/WTFString.cpp:
            (WTF::String::latin1): For 8 bit strings, use existing buffer

    2012-01-26 Michael Saboff <msaboff@apple.com>

            Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
            https://bugs.webkit.org/show_bug.cgi?id=76645

            Reviewed by Geoffrey Garen.

            * wtf/text/StringImpl.cpp:
            (WTF::equalIgnoringCase): New LChar version.
            (WTF::findInner): New helper function.
            (WTF::StringImpl::find): Added 8 bit path.
            (WTF::reverseFindInner): New helper function.
            (WTF::StringImpl::reverseFind): Added 8 bit path.
            (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
            * wtf/text/StringImpl.h:

2012-01-30 Gavin Barraclough <barraclough@apple.com>

        Failed to svn add some new files, merging ToT WebKit r106197.

        * tools/CodeProfile.cpp: Added.
        (JSC::truncateTrace):
        (JSC::CodeProfile::sample):
        (JSC::CodeProfile::report):
        * tools/CodeProfile.h: Added.
        (JSC::CodeProfile::CodeProfile):
        (JSC::CodeProfile::parent):
        (JSC::CodeProfile::addChild):
        (JSC::CodeProfile::CodeRecord::CodeRecord):
        * tools/CodeProfiling.cpp: Added.
        (JSC::setProfileTimer):
        (JSC::profilingTimer):
        (JSC::CodeProfiling::sample):
        (JSC::CodeProfiling::notifyAllocator):
        (JSC::CodeProfiling::getOwnerUIDForPC):
        (JSC::CodeProfiling::begin):
        (JSC::CodeProfiling::end):
        * tools/CodeProfiling.h: Added.
        (JSC::CodeProfiling::CodeProfiling):
        (JSC::CodeProfiling::~CodeProfiling):
        (JSC::CodeProfiling::enabled):
        (JSC::CodeProfiling::beVerbose):
        (JSC::CodeProfiling::beVeryVerbose):
        * tools/ProfileTreeNode.h: Added.
        (JSC::ProfileTreeNode::ProfileTreeNode):
        (JSC::ProfileTreeNode::~ProfileTreeNode):
        (JSC::ProfileTreeNode::sampleChild):
        (JSC::ProfileTreeNode::dump):
        (JSC::ProfileTreeNode::count):
        (JSC::ProfileTreeNode::childCount):
        (JSC::ProfileTreeNode::dumpInternal):
        (JSC::ProfileTreeNode::compareEntries):
        * tools/TieredMMapArray.h: Added.
        (JSC::TieredMMapArray::TieredMMapArray):
        (JSC::TieredMMapArray::~TieredMMapArray):
        (JSC::TieredMMapArray::operator[]):
        (JSC::TieredMMapArray::append):
        (JSC::TieredMMapArray::size):
2012-01-27 Gavin Barraclough <barraclough@apple.com>

        Merged ToT WebKit r104886, r104899, r105636, r105646, r105840, r106197, r106198, r106255, r106264, r106276, r106277, r106288.

    2012-01-30 Gavin Barraclough <barraclough@apple.com>

            Speculative Windows build fix.

            * assembler/MacroAssemblerCodeRef.h:

    2012-01-30 Gavin Barraclough <barraclough@apple.com>

            https://bugs.webkit.org/show_bug.cgi?id=77163
            MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS)

            Rubber stamped by Geoff Garen

            * assembler/MacroAssemblerCodeRef.h:

    2012-01-30 Gavin Barraclough <barraclough@apple.com>

            Unreviewed build fix for interpreter builds.

            * bytecode/CodeBlock.cpp:
            (JSC::CodeBlock::CodeBlock):
            * bytecode/CodeBlock.h:
            * interpreter/Interpreter.cpp:
            (JSC::Interpreter::privateExecute):
            * tools/CodeProfile.cpp:
            (JSC::CodeProfile::sample):

    2012-01-30 Gavin Barraclough <barraclough@apple.com>

            Unreviewed build fix following bug#76855

            * JavaScriptCore.exp:

    2012-01-30 Gavin Barraclough <barraclough@apple.com>

            https://bugs.webkit.org/show_bug.cgi?id=76232

            Reviewed by Sam Weinig.

            Part 3 - merge op_put_getter & op_put_setter.

            Putting these separately is inefficient (and makes future optimization,
            e.g. making GetterSetter immutable) harder. Change to emit a single
            op_put_getter_setter bytecode op. Ultimately we should probably be
            able to merge this with put direct, to create a common op to initialize
            object literal properties.

            * bytecode/CodeBlock.cpp:
            (JSC::CodeBlock::dump):
            * bytecode/Opcode.h:
            * bytecompiler/BytecodeGenerator.cpp:
            (JSC::BytecodeGenerator::emitPutGetterSetter):
            * bytecompiler/BytecodeGenerator.h:
            (BytecodeGenerator):
            * bytecompiler/NodesCodegen.cpp:
            (JSC::PropertyListNode::emitBytecode):
            * interpreter/Interpreter.cpp:
            (JSC::Interpreter::privateExecute):
            (JSC::JIT::privateCompileMainPass):
            * jit/JITPropertyAccess.cpp:
            (JSC::JIT::emit_op_put_getter_setter):
            * jit/JITPropertyAccess32_64.cpp:
            (JSC::JIT::emit_op_put_getter_setter):
            (JSC::DEFINE_STUB_FUNCTION):
            * runtime/JSObject.cpp:
            (JSC::JSObject::putDirectVirtual):
            (JSC::JSObject::putDirectAccessor):
            (JSC::putDescriptor):
            (JSC::JSObject::defineOwnProperty):
            * runtime/JSObject.h:
            (JSC::JSObject::putDirectInternal):
            (JSC::JSObject::putDirect):
            (JSC::JSObject::putDirectWithoutTransition):

    2012-01-28 Gavin Barraclough <barraclough@apple.com>

            https://bugs.webkit.org/show_bug.cgi?id=77293

            Rubber stamped by Oliver Hunt.

            'let' may become a keyword in ES6. We're going to try experimentally reserving it,
            to see if this breaks the web.

            * parser/Keywords.table:

    2012-01-27 Gavin Barraclough <barraclough@apple.com>

            Implement a JIT-code aware sampling profiler for JSC
            https://bugs.webkit.org/show_bug.cgi?id=76855

            Reviewed by Oliver Hunt.

            To enable the profiler, set the JSC_CODE_PROFILING environment variable to
            1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively

            The profiler requires -fomit-frame-pointer to be removed from the build flags.

            * JavaScriptCore.exp:
                - Removed an export.
            * JavaScriptCore.xcodeproj/project.pbxproj:
            * bytecode/CodeBlock.cpp:
                - For baseline codeblocks, cache the result of canCompileWithDFG.
            * bytecode/CodeBlock.h:
                - For baseline codeblocks, cache the result of canCompileWithDFG.
            * jit/ExecutableAllocator.cpp:
            (JSC::ExecutableAllocator::initializeAllocator):
                - Notify the profiler when the allocator is created.
            (JSC::ExecutableAllocator::allocate):
                - Inform the allocated of the ownerUID.
            * jit/ExecutableAllocatorFixedVMPool.cpp:
            (JSC::ExecutableAllocator::initializeAllocator):
                - Notify the profiler when the allocator is created.
            (JSC::ExecutableAllocator::allocate):
                - Inform the allocated of the ownerUID.
                - If profiling, don't mask the return address in JIT code.
                  (We do so to provide nicer backtraces in debug builds).
            * runtime/Completion.cpp:
                - Notify the profiler of script evaluations.
            * tools/CodeProfile.cpp: Added.
                - Helper function to get the name of a symbol in the framework.
            (JSC::truncateTrace):
                - Helper to truncate traces into methods known to have uninformatively deep stacks.
            (JSC::CodeProfile::sample):
                - Record a stack trace classifying samples.
            (JSC::CodeProfile::report):
                - Print profiler output.
            * tools/CodeProfile.h: Added.
                - new class, captures a set of samples associated with an evaluated script,
                  and nested to record samples from subscripts.
            * tools/CodeProfiling.cpp: Added.
            (JSC::CodeProfiling::profilingTimer):
                - callback fired when a timer event occurs.
            (JSC::CodeProfiling::notifyAllocator):
                - called when the executable allocator is constructed.
            (JSC::CodeProfiling::getOwnerUIDForPC):
                - helper to lookup the codeblock from an address in JIT code
            (JSC::CodeProfiling::begin):
                - enter a profiling scope.
            (JSC::CodeProfiling::end):
                - exit a profiling scope.
            * tools/CodeProfiling.h: Added.
                - new class, instantiated from Completion to define a profiling scope.
            * tools/ProfileTreeNode.h: Added.
                - new class, used to construct a tree of samples.
            * tools/TieredMMapArray.h: Added.
                - new class, a malloc-free vector (can be used while the main thread is suspended,
                  possibly holding the malloc heap lock).
            * wtf/MetaAllocator.cpp:
            (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
            (WTF::MetaAllocator::allocate):
                - Allow allocation handles to track information about their owner.
            * wtf/MetaAllocator.h:
                - Allow allocation handles to track information about their owner.
            * wtf/MetaAllocatorHandle.h:
            (MetaAllocatorHandle):
            (WTF::MetaAllocatorHandle::ownerUID):
                - Allow allocation handles to track information about their owner.
            * wtf/OSAllocator.h:
            (WTF::OSAllocator::reallocateCommitted):
                - reallocate an existing, committed memory allocation.
8228 https://bugs.webkit.org/show_bug.cgi?id=76855
8229 Implement a JIT-code aware sampling profiler for JSC
8231 Reviewed by Oliver Hunt.
8233 Add support to MetaAllocator.cpp to track all live handles in a map,
8234 allowing lookup based on any address within the allocation.
8236 * wtf/MetaAllocator.cpp:
8237 (WTF::MetaAllocatorTracker::notify):
8238 (WTF::MetaAllocatorTracker::release):
8239 - Track live handle objects in a map.
8240 (WTF::MetaAllocator::release):
8241 - Removed support for handles with null m_allocator (no longer used).
8242 - Notify the tracker of handles being released.
8243 (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
8244 - Moved functionality out into MetaAllocator::release.
8245 (WTF::MetaAllocatorHandle::shrink):
8246 - Removed support for handles with null m_allocator (no longer used).
8247 (WTF::MetaAllocator::MetaAllocator):
8248 - Initialize m_tracker.
8249 (WTF::MetaAllocator::allocate):
8250 - Notify the tracker of new allocations.
8251 * wtf/MetaAllocator.h:
8252 (WTF::MetaAllocatorTracker::find):
8253 - Lookup a MetaAllocatorHandle based on an address inside the allocation.
8254 (WTF::MetaAllocator::trackAllocations):
8255 - Register a callback object to track allocation state.
8256 * wtf/MetaAllocatorHandle.h:
8257 - Remove unused createSelfManagedHandle/constructor.
8258 (WTF::MetaAllocatorHandle::key):
8259 - Added, for use in RedBlackTree.
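Added example, not WTF's MetaAllocatorTracker: the lookup the entry above describes, mapping any address inside a live allocation back to the record for that allocation, here with std::map in place of the RedBlackTree (upper_bound followed by one step back is the tree's findGreatestLessThanOrEqual). The Allocation struct, an unsigned ownerUID, and the addresses used in the test are this example's assumptions; the only property relied on is that live allocations never overlap.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>

// What a live handle records about itself (shape assumed for this example).
struct Allocation {
    uintptr_t start;
    size_t size;
    unsigned ownerUID; // e.g. an id for the CodeBlock that owns this range of JIT code
};

class AllocationTracker {
public:
    void notify(const Allocation& a) { m_live[a.start] = a; } // a handle was created
    void release(uintptr_t start) { m_live.erase(start); }    // a handle was destroyed

    // Returns the live allocation containing `address`, or nullptr. Because allocations
    // never overlap, the only candidate is the one with the greatest start <= address.
    const Allocation* find(uintptr_t address) const
    {
        std::map<uintptr_t, Allocation>::const_iterator it = m_live.upper_bound(address);
        if (it == m_live.begin())
            return nullptr; // every live allocation starts after `address`
        --it;
        const Allocation& a = it->second;
        return address < a.start + a.size ? &a : nullptr; // reject the gap after `a`
    }
    size_t liveCount() const { return m_live.size(); }

private:
    std::map<uintptr_t, Allocation> m_live; // keyed by start address, as the red-black tree is
};
```

The end-of-range check after stepping back is the part that is easy to drop: without it a PC that lands in freed or never-allocated space between two handles would be attributed to the preceding owner.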
    2012-01-23 Gavin Barraclough <barraclough@apple.com>

            https://bugs.webkit.org/show_bug.cgi?id=76855
            Implement a JIT-code aware sampling profiler for JSC

            Reviewed by Geoff Garen.

            Step 2: generalize RedBlackTree. The profiler is going to want to use
            a RedBlackTree, allow this class to work with subclasses of
            RedBlackTree::Node, Node should not need to know the names of the m_key
            and m_value fields (the subclass can provide a key() accessor), and
            RedBlackTree does not need to know anything about ValueType.

            * JavaScriptCore.exp:
            * wtf/MetaAllocator.cpp:
            (WTF::MetaAllocator::findAndRemoveFreeSpace):
            (WTF::MetaAllocator::debugFreeSpaceSize):
            (WTF::MetaAllocator::addFreeSpace):
            * wtf/MetaAllocator.h:
            (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode):
            (WTF::MetaAllocator::FreeSpaceNode::key):
            * wtf/MetaAllocatorHandle.h:
            (WTF::MetaAllocatorHandle::key):
            * wtf/RedBlackTree.h:
            (WTF::RedBlackTree::Node::successor):
            (WTF::RedBlackTree::Node::predecessor):
            (WTF::RedBlackTree::Node::parent):
            (WTF::RedBlackTree::Node::setParent):
            (WTF::RedBlackTree::Node::left):
            (WTF::RedBlackTree::Node::setLeft):
            (WTF::RedBlackTree::Node::right):
            (WTF::RedBlackTree::Node::setRight):
            (WTF::RedBlackTree::insert):
            (WTF::RedBlackTree::remove):
            (WTF::RedBlackTree::findExact):
            (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
            (WTF::RedBlackTree::findGreatestLessThanOrEqual):
            (WTF::RedBlackTree::first):
            (WTF::RedBlackTree::last):
            (WTF::RedBlackTree::size):
            (WTF::RedBlackTree::treeMinimum):
            (WTF::RedBlackTree::treeMaximum):
            (WTF::RedBlackTree::treeInsert):
            (WTF::RedBlackTree::leftRotate):
            (WTF::RedBlackTree::rightRotate):
            (WTF::RedBlackTree::removeFixup):

    2012-01-23 Gavin Barraclough <barraclough@apple.com>

            Implement a JIT-code aware sampling profiler for JSC
            https://bugs.webkit.org/show_bug.cgi?id=76855

            Rubber stamped by Geoff Garen.

            Mechanical change - pass CodeBlock through to the executable allocator,
            such that we will be able to map ranges of JIT code back to their owner.

            * assembler/ARMAssembler.cpp:
            (JSC::ARMAssembler::executableCopy):
            * assembler/ARMAssembler.h:
            * assembler/AssemblerBuffer.h:
            (JSC::AssemblerBuffer::executableCopy):
            * assembler/AssemblerBufferWithConstantPool.h:
            (JSC::AssemblerBufferWithConstantPool::executableCopy):
            * assembler/LinkBuffer.h:
            (JSC::LinkBuffer::LinkBuffer):
            (JSC::LinkBuffer::linkCode):
            * assembler/MIPSAssembler.h:
            (JSC::MIPSAssembler::executableCopy):
            * assembler/SH4Assembler.h:
            (JSC::SH4Assembler::executableCopy):
            * assembler/X86Assembler.h:
            (JSC::X86Assembler::executableCopy):
            (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
            * dfg/DFGJITCompiler.cpp:
            (JSC::DFG::JITCompiler::compile):
            (JSC::DFG::JITCompiler::compileFunction):
            * dfg/DFGOSRExitCompiler.cpp:
            * dfg/DFGRepatch.cpp:
            (JSC::DFG::generateProtoChainAccessStub):
            (JSC::DFG::tryCacheGetByID):
            (JSC::DFG::tryBuildGetByIDList):
            (JSC::DFG::tryCachePutByID):
            * dfg/DFGThunks.cpp:
            (JSC::DFG::osrExitGenerationThunkGenerator):
            * jit/ExecutableAllocator.cpp:
            (JSC::ExecutableAllocator::allocate):
            * jit/ExecutableAllocator.h:
            * jit/ExecutableAllocatorFixedVMPool.cpp:
            (JSC::ExecutableAllocator::allocate):
            (JSC::JIT::privateCompile):
            * jit/JITOpcodes.cpp:
            (JSC::JIT::privateCompileCTIMachineTrampolines):
            * jit/JITOpcodes32_64.cpp:
            (JSC::JIT::privateCompileCTIMachineTrampolines):
            (JSC::JIT::privateCompileCTINativeCall):
            * jit/JITPropertyAccess.cpp:
            (JSC::JIT::stringGetByValStubGenerator):
            (JSC::JIT::privateCompilePutByIdTransition):
            (JSC::JIT::privateCompilePatchGetArrayLength):
            (JSC::JIT::privateCompileGetByIdProto):
            (JSC::JIT::privateCompileGetByIdSelfList):
            (JSC::JIT::privateCompileGetByIdProtoList):
            (JSC::JIT::privateCompileGetByIdChainList):
            (JSC::JIT::privateCompileGetByIdChain):
            * jit/JITPropertyAccess32_64.cpp:
            (JSC::JIT::stringGetByValStubGenerator):
            (JSC::JIT::privateCompilePutByIdTransition):
            (JSC::JIT::privateCompilePatchGetArrayLength):
            (JSC::JIT::privateCompileGetByIdProto):
            (JSC::JIT::privateCompileGetByIdSelfList):
            (JSC::JIT::privateCompileGetByIdProtoList):
            (JSC::JIT::privateCompileGetByIdChainList):
            (JSC::JIT::privateCompileGetByIdChain):
            * jit/SpecializedThunkJIT.h:
            (JSC::SpecializedThunkJIT::finalize):
            (JSC::Yarr::YarrGenerator::compile):

    2012-01-12 Gavin Barraclough <barraclough@apple.com>

            Clean up putDirect (part 2)
            https://bugs.webkit.org/show_bug.cgi?id=76232

            Reviewed by Sam Weinig.

            Rename putWithAttributes to putDirectVirtual, to identify that this
            has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal
            to be templated on an enum indicating which behaviour it is supposed to be
            implementing, and change clients that are defining properties to call
            putDirectInternal correctly.

            * API/JSObjectRef.cpp:
            (JSObjectSetProperty):
            * JavaScriptCore.exp:
            * debugger/DebuggerActivation.cpp:
            (JSC::DebuggerActivation::putDirectVirtual):
            * debugger/DebuggerActivation.h:
            * interpreter/Interpreter.cpp:
            (JSC::Interpreter::execute):
            * runtime/ClassInfo.h:
            * runtime/Error.cpp:
            (JSC::addErrorInfo):
            * runtime/JSActivation.cpp:
            (JSC::JSActivation::putDirectVirtual):
            * runtime/JSActivation.h:
            * runtime/JSCell.cpp:
            (JSC::JSCell::putDirectVirtual):
            * runtime/JSGlobalObject.cpp:
            (JSC::JSGlobalObject::putDirectVirtual):
            * runtime/JSGlobalObject.h:
            * runtime/JSObject.cpp:
            (JSC::JSObject::put):
            (JSC::JSObject::putDirectVirtual):
            (JSC::JSObject::defineGetter):
            (JSC::JSObject::initializeGetterSetterProperty):
            (JSC::JSObject::defineSetter):
            (JSC::putDescriptor):
            * runtime/JSObject.h:
            (JSC::JSObject::putDirectInternal):
            (JSC::JSObject::putOwnDataProperty):
            (JSC::JSObject::putDirect):
            * runtime/JSStaticScopeObject.cpp:
            (JSC::JSStaticScopeObject::putDirectVirtual):
            * runtime/JSStaticScopeObject.h:
            * runtime/JSVariableObject.cpp:
            (JSC::JSVariableObject::putDirectVirtual):
            * runtime/JSVariableObject.h:

    2012-01-12 Gavin Barraclough <barraclough@apple.com>

            Clean up putDirect (part 1)
            https://bugs.webkit.org/show_bug.cgi?id=76232

            Reviewed by Sam Weinig.

            putDirect has ambiguous semantics, clean these up a bit.

            putDirect generally behaves a bit like a fast defineOwnProperty, but one that
            always creates the property, with no checking to validate that the put is permitted.

            It also encompasses two slightly different behaviors.
            (1) a fast form of put for JSActivation, which doesn't have to handle searching
            the prototype chain, getter/setter properties, or the magic __proto__ value.
            Break this out as a new method, 'putOwnDataProperty'.
            (2) the version of putDirect on JSValue will also check for overwriting ReadOnly
            values, in strict mode. This is, however, not so smart on a few levels, since
            it is only called from op_put_by_id with direct set, which is only used with
            an object as the base, and is only used to put new properties onto objects.

            * dfg/DFGOperations.cpp:
            * interpreter/Interpreter.cpp:
            (JSC::Interpreter::privateExecute):
            (JSC::DEFINE_STUB_FUNCTION):
            * runtime/JSActivation.cpp:
            (JSC::JSActivation::put):
            * runtime/JSFunction.cpp:
            (JSC::JSFunction::getOwnPropertySlot):
            * runtime/JSObject.h:
            (JSC::JSObject::putOwnDataProperty):
            * runtime/JSValue.h:
8467 2012-01-26 Geoffrey Garen <ggaren@apple.com>
8469 Merged TOT revisions: 105698; 105702; 105703; 105713; 105811.
8471 2012-01-24 Geoffrey Garen <ggaren@apple.com>
8473 JSValue::toString() should return a JSString* instead of a UString
8474 https://bugs.webkit.org/show_bug.cgi?id=76861
8476 Fixed two failing layout tests after my last patch.
8478 Reviewed by Gavin Barraclough.
8480 * runtime/ArrayPrototype.cpp:
8481 (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
8484 I missed this case because the JSString* type has a valid operator<,
8485 so the compiler didn't complain.
8487 2012-01-24 Ilya Tikhonovsky <loislo@chromium.org>
8489 Unreviewed build fix for Qt LinuxSH4 build after r105698.
8491 * interpreter/Interpreter.cpp:
8492 (JSC::Interpreter::privateExecute):
2012-01-23 Geoffrey Garen <ggaren@apple.com>

        JSValue::toString() should return a JSString* instead of a UString
        https://bugs.webkit.org/show_bug.cgi?id=76861

        Reviewed by Gavin Barraclough.

        This makes the common case -- toString() on a string -- faster and
        inline-able. (Not a measurable speedup, but we can now remove a bunch
        of duplicate hand-rolled code for this optimization.)

        This also clarifies the boundary between "C++ strings" and "JS strings".

        In all cases other than true, false, null, undefined, and multi-digit
        numbers, the JS runtime was just retrieving a UString from a JSString,
        so returning a JSString* is strictly better. In the other cases, we can
        optimize to avoid creating a new JSString if we care to, but it doesn't
        seem to be a big deal.

        * JavaScriptCore.exp: Export!
        (functionCheckSyntax):
        * API/JSValueRef.cpp:
        (JSValueToStringCopy):
        * bytecode/CodeBlock.cpp:
        (JSC::valueToSourceString): Call value() after calling toString(), to
        convert from "JS string" (JSString*) to "C++ string" (UString), since
        toString() no longer returns a "C++ string".

        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationValueAddNotNumber):
        (op_add): Updated for removal of toPrimitiveString():
        all '+' operands can use toString(), except for object operands, which
        need to take a slow path to call toPrimitive().

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncToLocaleString):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncPush):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::opIn):
        * runtime/DateConstructor.cpp:
        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate): Call value() after calling toString(), as above.

        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::create): Simplified down to one canonical create()
        function, to make string handling easier.

        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createInvalidParamError):
        (JSC::createNotAConstructorError):
        (JSC::createNotAFunctionError):
        (JSC::createNotAnObjectError):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncBind):
        * runtime/JSArray.cpp:
        (JSC::JSArray::sort): Call value() after calling toString(), as above.

        * runtime/JSCell.cpp:
        * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
        job now. Doing it in JSCell is slower (requires extra type checking), and
        creates the misimpression that language-defined toString() behavior is
        an implementation detail of JSCell.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        (JSC::globalFuncParseInt):
        (JSC::globalFuncParseFloat):
        (JSC::globalFuncEscape):
        (JSC::globalFuncUnescape): Call value() after calling toString(), as above.

        * runtime/JSONObject.cpp:
        (JSC::unwrapBoxedPrimitive):
        (JSC::Stringifier::Stringifier):
        (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
        * runtime/JSObject.cpp:
        (JSC::JSObject::toString):
        * runtime/JSObject.h: Updated to return JSString*.

        * runtime/JSString.cpp:
        * runtime/JSString.h:
        (JSC::JSValue::toString): Removed, since I removed JSCell::toString().

        * runtime/JSValue.cpp:
        (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and
        re-spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
        basically did what we want all the time. (Note that the toPrimitive()
        preference changes from NoPreference to PreferString, because that's
        how ToString is defined in the language. op_add does not want this behavior.)

        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToString):
        (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
        returns a JSString*.

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        (JSC::objectConstructorDefineProperty):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncHasOwnProperty):
        (JSC::objectProtoFuncDefineGetter):
        (JSC::objectProtoFuncDefineSetter):
        (JSC::objectProtoFuncLookupGetter):
        (JSC::objectProtoFuncLookupSetter):
        (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.

        * runtime/Operations.cpp:
        (JSC::jsAddSlowCase): Need to check for object before taking the toString()
        fast path because adding an object to a string requires calling toPrimitive()
        on the object, not toString(). (They differ in their preferred conversion

        * runtime/Operations.h:
        (JSC::jsStringFromArguments): This code gets simpler, now that toString()
        does the right thing.

        (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().

        * runtime/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorInput):
        (JSC::constructRegExp):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::match):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
        (JSC::regExpProtoFuncToString): More calls to value(), as above.

        * runtime/StringConstructor.cpp:
        (JSC::constructWithStringConstructor):
        (JSC::callStringConstructor): This code gets simpler, now that toString()
        does the right thing.

        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):
        (JSC::replaceUsingStringSearch):
        (JSC::stringProtoFuncReplace):
        (JSC::stringProtoFuncCharAt):
        (JSC::stringProtoFuncCharCodeAt):
        (JSC::stringProtoFuncConcat):
        (JSC::stringProtoFuncIndexOf):
        (JSC::stringProtoFuncLastIndexOf):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        (JSC::stringProtoFuncSlice):
        (JSC::stringProtoFuncSplit):
        (JSC::stringProtoFuncSubstr):
        (JSC::stringProtoFuncSubstring):
        (JSC::stringProtoFuncToLowerCase):
        (JSC::stringProtoFuncToUpperCase):
        (JSC::stringProtoFuncLocaleCompare):
        (JSC::stringProtoFuncBig):
        (JSC::stringProtoFuncSmall):
        (JSC::stringProtoFuncBlink):
        (JSC::stringProtoFuncBold):
        (JSC::stringProtoFuncFixed):
        (JSC::stringProtoFuncItalics):
        (JSC::stringProtoFuncStrike):
        (JSC::stringProtoFuncSub):
        (JSC::stringProtoFuncSup):
        (JSC::stringProtoFuncFontcolor):
        (JSC::stringProtoFuncFontsize):
        (JSC::stringProtoFuncAnchor):
        (JSC::stringProtoFuncLink):
        (JSC::trimString): Some of this code gets simpler, now that toString()
        does the right thing. More calls to value(), as above.
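The entry above turns on the difference between ToString (toString preferred) and the no-preference ToPrimitive that '+' applies to object operands. The following is an added example, not JavaScriptCore code, showing that difference from script in any current ECMAScript engine (Node.js assumed); the probe object and its recorded call list are constructed for the demonstration.

```javascript
// Added example (not JavaScriptCore code): the observable difference between
// ToString, which prefers toString(), and the ToPrimitive used by '+', which
// has no preference and therefore tries valueOf() first on ordinary objects.

// Constructed object that records which conversion hook ran.
function makeProbe() {
  const calls = [];
  const obj = {
    valueOf() { calls.push('valueOf'); return 42; },
    toString() { calls.push('toString'); return 'str'; },
  };
  return { obj, calls };
}

// '+' with an object operand: ToPrimitive with no hint, so valueOf() wins.
function addToEmptyString() {
  const { obj, calls } = makeProbe();
  const result = obj + '';
  return { result, calls };
}

// String(obj): ToString, so toString() wins.
function stringConversion() {
  const { obj, calls } = makeProbe();
  const result = String(obj);
  return { result, calls };
}

// Date is the built-in whose default ToPrimitive hint behaves like "string",
// so 'date + ""' agrees with date.toString().
function dateAdd() {
  const d = new Date(0);
  return (d + '') === d.toString();
}

// Primitive operands never take the object slow path: '+' and String() agree.
function primitiveAgree() {
  const values = [true, false, null, undefined, 12.5, 'x'];
  return values.every(v => (v + '') === String(v));
}
```

The object case is the one that forces the slow path in jsAdd/jsAddSlowCase: the engine cannot assume an object's toString() result is what '+' wants, because the language requires valueOf() to be consulted first.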
2012-01-24 Yongjun Zhang <yongjun_zhang@apple.com>

        <rdar://problem/10092396> TLF: Safari should not jetsam across the top 1M sites (Memory pressure logging)

2012-01-24 Mark Rowe <mrowe@apple.com>

        <http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL

        We should always log to both ASL and stderr on platforms where this won't result in launchd
        duplicating the messages.

        Reviewed by Dan Bernstein.

        * wtf/Assertions.cpp:
        (vprintf_stderr_common):
2012-01-19 Geoffrey Garen <ggaren@apple.com>

        Merged TOT revision 105539.

2012-01-19 Geoffrey Garen <ggaren@apple.com>

        Removed some regexp entry boilerplate code
        https://bugs.webkit.org/show_bug.cgi?id=76687

        Reviewed by Darin Adler.

        1% - 2% speedup on regexp tests, no change overall.

        * runtime/RegExp.cpp:
        (JSC::RegExp::match):
        - ASSERT that our startIndex is non-negative, because anything less
        would be uncivilized.

        - ASSERT that our input is not the null string for the same reason.

        - No need to test for startOffset being past the end of the string,
        since the regular expression engine will do this test for us.

        - No need to initialize the output vector, since the regular expression
        engine will fill it in for us.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::interpret):
        (JSC::Yarr::YarrGenerator::compile):

        RegExp used to do these jobs for us, but now we do them for ourselves
        because it's a better separation of concerns, and the JIT can do them
        more efficiently than C++ code:

        - Test for "past the end" before doing any matching -- otherwise
        a* will match with zero length past the end of the string, which is wrong.

        - Initialize the output vector before doing any matching.

2012-01-19 Geoffrey Garen <ggaren@apple.com>

        Merged TOT revision 105444.

2012-01-19 Geoffrey Garen <ggaren@apple.com>

        Implicit creation of a regular expression should eagerly check for syntax errors
        https://bugs.webkit.org/show_bug.cgi?id=76642

        Reviewed by Oliver Hunt.

        This is a correctness fix and a slight optimization.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch): Check for syntax errors because that's the

        * runtime/RegExp.cpp:
        (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line
        of code change, many lines of indentation change.)

        Since we have no clients that try to match a RegExp that is a syntax error,
        let's optimize out the check.
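The two regexp entries above (76687 and 76642) each describe a contract that is visible from script: a match attempted past the end of the input must fail rather than produce a zero-length a* match, and a string passed to match()/search() must be rejected as a SyntaxError when it is not a valid pattern. The following is an added example, not JavaScriptCore code, exercising both contracts in any current ECMAScript engine (Node.js assumed); the inputs are constructed.

```javascript
// Added example (not JavaScriptCore code): observable contracts of the regexp
// entry points discussed above.

// (1) A match whose start index is past the end of the input must fail, and
// the engine resets lastIndex to 0, rather than reporting an empty a* match
// at an impossible position.
function matchPastEnd() {
  const re = /a*/g;
  re.lastIndex = 'abc'.length + 1;   // one past the end
  const m = re.exec('abc');
  return { matched: m !== null, lastIndexAfter: re.lastIndex };
}

// At exactly the end of the input an empty match is legal.
function matchAtEnd() {
  const re = /a*/g;
  re.lastIndex = 'abc'.length;
  const m = re.exec('abc');
  return { matched: m !== null, text: m && m[0], index: m && m.index };
}

// (2) String.prototype.match / search with a string argument build a RegExp
// implicitly; an invalid pattern must surface as a SyntaxError at that point.
function implicitRegExpErrors() {
  const out = {};
  for (const fn of ['match', 'search']) {
    try {
      'text'[fn]('(');          // constructed invalid pattern: unclosed group
      out[fn] = 'no error';
    } catch (e) {
      out[fn] = e instanceof SyntaxError ? 'SyntaxError' : e.name;
    }
  }
  return out;
}
```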
2012-01-17 Geoffrey Garen <ggaren@apple.com>

        Merged TOT revision 105223.

2012-01-17 Geoffrey Garen <ggaren@apple.com>

        Factored out some code into a helper function.

        I think this might help getting rid of omit-frame-pointer.

        Reviewed by Sam Weinig.

        No benchmark change.

        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch): Moved to here...
        (JSC::replaceUsingRegExpSearch): ...from here.
2012-01-12 Gavin Barraclough <barraclough@apple.com>

        Merged ToT revisions 104602, 104604, 104611, 104620, 104777, 104784, 104836, 104871.

2012-01-12 Gavin Barraclough <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=76141
        defineSetter/defineGetter may fail to update Accessor attribute

        Reviewed by Oliver Hunt.

        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::initializeGetterSetterProperty):
        (JSC::JSObject::defineSetter):
        * runtime/Structure.cpp:
        (JSC::Structure::attributeChangeTransition):
        * runtime/Structure.h:
2012-01-11 Gavin Barraclough <barraclough@apple.com>

        Allow accessor get/set property to be set to undefined
        https://bugs.webkit.org/show_bug.cgi?id=76148

        Reviewed by Oliver Hunt.

        AccessorDescriptor properties may have their get & set properties defined to reference a function
        (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor
        (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of
        three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object).

        On the PropertyDescriptor object these three states are represented by JSValue(), jsUndefined(), and
        any JSObject* (with a constraint that this must be callable).

        Logically the get/set property of an accessor descriptor on an object might be in any of the three
        states above, but in practice there is no way to distinguish between the first two states. As such
        we store the get/set values in property storage in a JSObject* field, with 0 indicating absent or
        undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value.

        * runtime/GetterSetter.h:
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setSetter):
        - Allow the getter/setter to be cleared.
        * runtime/JSArray.cpp:
        (JSC::JSArray::putDescriptor):
        - Changed to call getterObject/setterObject.
        (JSC::JSArray::defineOwnNumericProperty):
        * runtime/JSObject.cpp:
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        - Changed to call getterObject/setterObject.
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'.
        (JSC::toPropertyDescriptor):
        - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined.
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::getterObject):
        (JSC::PropertyDescriptor::setterObject):
        - Accessors to convert the get/set property to an object pointer, converting undefined to 0.
        (JSC::PropertyDescriptor::setDescriptor):
        (JSC::PropertyDescriptor::setAccessorDescriptor):
        - Translate a getter/setter internally represented as 0 to undefined, indicating that it is present.
        * runtime/PropertyDescriptor.h:
        - Declare getterObject/setterObject.
2012-01-11 Gavin Barraclough <barraclough@apple.com>

        Merge 'Getter'/'Setter' attributes into 'Accessor'
        https://bugs.webkit.org/show_bug.cgi?id=76141

        Reviewed by Filip Pizlo.

        These are currently ambiguous (and used inconsistently). It would logically appear
        that either bit being set implies that the corresponding type of accessor is present
        but (a) we don't correctly enforce this, and (b) this means the attributes would not
        be able to distinguish between a data descriptor and an accessor descriptor with
        neither a getter nor setter defined (which is a descriptor permissible under the spec).
        This ambiguity would lead to unsafe property caching behavior (though this does not
        represent an actual current bug, since we are currently unable to create descriptors
        that have neither a getter nor setter, it just prevents us from doing so).

        * runtime/Arguments.cpp:
        (JSC::Arguments::createStrictModeCallerIfNecessary):
        (JSC::Arguments::createStrictModeCalleeIfNecessary):
        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::put):
        (JSC::JSArray::putDescriptor):
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::finishCreation):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnPropertyDescriptor):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::initializeGetterSetterProperty):
        (JSC::JSObject::defineSetter):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorDefineProperty):
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::setDescriptor):
        (JSC::PropertyDescriptor::setAccessorDescriptor):
        (JSC::PropertyDescriptor::setSetter):
        (JSC::PropertyDescriptor::setGetter):
        (JSC::PropertyDescriptor::attributesOverridingCurrent):
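The two accessor entries above (76148 and 76141) describe the three states a getter or setter can be in (absent, explicitly undefined, or a callable) and why an accessor property with neither must still be distinguishable from a data property. The following is an added example, not JavaScriptCore code, showing how those states appear through Object.defineProperty and Object.getOwnPropertyDescriptor in any current ECMAScript engine (Node.js assumed); the describe() helper is my own classification, not an engine API.

```javascript
// Added example (not JavaScriptCore code): the three get/set states of an
// accessor descriptor and the accessor/data distinction, as seen from script.

// Hypothetical helper: classify a descriptor the way the entries above do.
function describe(desc) {
  const isAccessor = 'get' in desc || 'set' in desc;
  const isData = 'value' in desc || 'writable' in desc;
  const state = (key) => !(key in desc) ? 'absent'
                       : (desc[key] === undefined ? 'undefined' : 'function');
  return {
    kind: isAccessor ? 'accessor' : (isData ? 'data' : 'generic'),
    get: state('get'),
    set: state('set'),
  };
}

// Getter only: the reported descriptor still carries set: undefined (present,
// not missing), which is the state the runtime maps back from its 0 pointer.
function getterOnly() {
  const o = {};
  Object.defineProperty(o, 'x', { get() { return 1; }, configurable: true });
  return describe(Object.getOwnPropertyDescriptor(o, 'x'));
}

// Both explicitly undefined: still an accessor property, never a data one.
function emptyAccessor() {
  const o = {};
  Object.defineProperty(o, 'x', { get: undefined, set: undefined, configurable: true });
  const d = Object.getOwnPropertyDescriptor(o, 'x');
  return { ...describe(d), readValue: o.x, hasValueKey: 'value' in d };
}

// A configurable accessor's getter can be cleared by redefining it as undefined.
function clearGetter() {
  const o = {};
  Object.defineProperty(o, 'x', { get() { return 1; }, set(v) {}, configurable: true });
  Object.defineProperty(o, 'x', { get: undefined });
  return { ...describe(Object.getOwnPropertyDescriptor(o, 'x')), readValue: o.x };
}

// A descriptor mixing accessor and data fields is rejected outright.
function mixedDescriptorThrows() {
  try {
    Object.defineProperty({}, 'x', { get() {}, value: 1 });
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}
```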
2012-01-11 Gavin Barraclough <barraclough@apple.com>

        Object.defineProperty([], 'length', {}) should not make length read-only
        https://bugs.webkit.org/show_bug.cgi?id=76097

        Reviewed by Oliver Hunt.

        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        - We should be checking writablePresent().

2012-01-10 Gavin Barraclough <barraclough@apple.com>

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2012-01-10 Gavin Barraclough <barraclough@apple.com>

        Use SameValue to compare property descriptor values
        https://bugs.webkit.org/show_bug.cgi?id=75975

        Reviewed by Sam Weinig.

        Rather than strictEqual.

        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnNumericProperty):
        - Missing configurablePresent() check.
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):
        * runtime/PropertyDescriptor.cpp:
        - Moved from JSArray.cpp, fix NaN comparison.
        (JSC::PropertyDescriptor::equalTo):
        * runtime/PropertyDescriptor.h:
        - Added declaration for sameValue.
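The entry above replaces strictEqual with SameValue when deciding whether a redefinition of a non-configurable, non-writable property is a no-op. The following is an added example, not JavaScriptCore code: a SameValue implementation written to the specification and a check of how the two comparisons behave for NaN and signed zero, in any current ECMAScript engine (Node.js assumed); the sample values are constructed.

```javascript
// Added example (not JavaScriptCore code): SameValue versus strict equality,
// and why defineProperty must use SameValue on a frozen property.

// SameValue as specified: NaN is the same as NaN; +0 and -0 are different.
function sameValue(a, b) {
  if (typeof a === 'number' && typeof b === 'number') {
    if (Number.isNaN(a) && Number.isNaN(b)) return true;
    if (a === 0 && b === 0) return 1 / a === 1 / b;   // distinguishes -0
  }
  return a === b;
}

// The two cases where strictEqual and SameValue disagree.
function comparisons() {
  return {
    nanStrict: NaN === NaN,
    nanSame: sameValue(NaN, NaN),
    zeroStrict: 0 === -0,
    zeroSame: sameValue(0, -0),
    // Object.is is the engine's own SameValue; it must agree with ours.
    builtinAgrees: Object.is(NaN, NaN) === sameValue(NaN, NaN)
                && Object.is(0, -0) === sameValue(0, -0),
  };
}

// Redefining a non-writable, non-configurable data property is permitted only
// when the new value is SameValue to the old one. With strictEqual, NaN -> NaN
// would be wrongly rejected and -0 -> +0 wrongly accepted.
function redefineFrozen(oldValue, newValue) {
  const o = {};
  Object.defineProperty(o, 'p', { value: oldValue, writable: false, configurable: false });
  try {
    Object.defineProperty(o, 'p', { value: newValue });
    return 'ok';
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : e.name;
  }
}
```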
2011-12-26 Gavin Barraclough <barraclough@apple.com>

        Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935

        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertyNames):
        (JSC::JSArray::setLength):

2012-01-10 Gavin Barraclough <barraclough@apple.com>

        Do not allow Array length to be set if it is non-configurable
        https://bugs.webkit.org/show_bug.cgi?id=75935

        Reviewed by Sam Weinig.

        Do not allow Array length to be set if it is non-configurable, and if the new
        length is less than the old length then intervening properties should be removed
        in reverse order. Removal of properties should cease if an intervening indexed
        property being removed is non-configurable.

        * JavaScriptCore.exp:
        - Removed export for setLength.
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncConcat):
        - JSArray::setLength now takes an ExecState*
        (JSC::arrayProtoFuncSlice):
        - JSArray::setLength now takes an ExecState*
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        - JSArray::setLength now takes an ExecState*
        (JSC::JSArray::put):
        - JSArray::setLength now takes an ExecState*
        (JSC::compareKeysForQSort):
        - Keys extracted from the map can be stored as unsigneds.
        (JSC::JSArray::getOwnPropertyNames):
        - Keys extracted from the map can be stored as unsigneds.
        (JSC::JSArray::setLength):
        - Check lengthIsReadOnly(), rather than copying the entire map to iterate
        over to determine which keys to remove, instead just copy the keys from
        the map to a Vector. When inSparseMode sort the keys in the Vector so
        that we can remove properties in reverse order.
        * runtime/JSArray.h:
        - JSArray::setLength now takes an ExecState*
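The two Array length entries above (76097 and 75935) state three rules: an empty descriptor must not make length read-only, a read-only length rejects assignment, and shrinking removes elements from the top down, stopping at the first non-configurable element. The following is an added example, not JavaScriptCore code, that observes all three from strict-mode script in any current ECMAScript engine (Node.js assumed); the arrays are constructed.

```javascript
// Added example (not JavaScriptCore code): Array 'length' rules from the two
// entries above, observed from strict-mode script.

// Object.defineProperty(arr, 'length', {}) must leave length writable.
function emptyDescriptorKeepsLengthWritable() {
  const arr = [1, 2, 3];
  Object.defineProperty(arr, 'length', {});
  arr.length = 1;
  const desc = Object.getOwnPropertyDescriptor(arr, 'length');
  return { writable: desc.writable, length: arr.length };
}

// Once length is non-writable, both direct assignment and push() fail
// (TypeError in strict mode) and the array is left untouched.
function readOnlyLength() {
  'use strict';
  const arr = [1, 2, 3];
  Object.defineProperty(arr, 'length', { writable: false });
  let assignError = null;
  try { arr.length = 0; } catch (e) { assignError = e.name; }
  let pushError = null;
  try { arr.push(4); } catch (e) { pushError = e.name; }
  return { assignError, pushError, length: arr.length };
}

// Shrinking deletes from the highest index downwards and stops at the first
// non-configurable element: indices 4 and 3 go, index 2 survives, length
// ends up one above it, and strict mode reports the failure as a TypeError.
function shrinkStopsAtNonConfigurable() {
  'use strict';
  const arr = [0, 1, 2, 3, 4];
  Object.defineProperty(arr, 2, { configurable: false });
  let error = null;
  try { arr.length = 0; } catch (e) { error = e.name; }
  return {
    error,
    length: arr.length,
    remaining: Array.from(arr),
    has3: 3 in arr,
    has4: 4 in arr,
  };
}
```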
2012-01-11 Geoffrey Garen <ggaren@apple.com>

        Merged TOT revision 104770.

2012-01-11 Geoffrey Garen <ggaren@apple.com>

        Bytecode dumping is broken for call opcodes (due to two new operands)
        https://bugs.webkit.org/show_bug.cgi?id=75886

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have
        to fix this more than once. The helper function skips the extra two operands
        at the end of the opcode, used for optimization.

        (JSC::CodeBlock::dump): Used the helper function.
2012-01-09 Geoffrey Garen <ggaren@apple.com>

        Merged TOT revision 104762.

2012-01-09 Geoffrey Garen <ggaren@apple.com>

        REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken)
        https://bugs.webkit.org/show_bug.cgi?id=75911

        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to
        explicitly cast to our return type in C++.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::FunctionCallResolveNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function
        into a temporary register before evaluating our arguments, since argument
        evaluation might include function calls or assignments that overwrite our callee by name.
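The entry above fixes the evaluation order of a call whose argument list reassigns the callee. The language requires the callee to be fetched before the arguments are evaluated, so an assignment inside the arguments must not change which function runs. The following is an added example, not JavaScriptCore code, that checks this for a plain call, a member call, and the .apply form the entry names, in any current ECMAScript engine (Node.js assumed); the functions are constructed.

```javascript
// Added example (not JavaScriptCore code): the callee is evaluated before the
// argument list, so reassigning its name inside the arguments must not change
// which function is invoked.

function original() { return 'original'; }
function replacement() { return 'replacement'; }

// Plain call whose argument reassigns the callee's binding.
function callWithReassigningArgument() {
  let f = original;
  const result = f(f = replacement);   // must invoke original, not replacement
  return { result, fIsNowReplacement: f === replacement };
}

// obj.method.apply(...) where the argument array swaps the method property.
function applyWithReassigningArgument() {
  const o = { m: original };
  const result = o.m.apply(o, [o.m = replacement]);
  return { result, mIsNowReplacement: o.m === replacement };
}

// Member call where the argument replaces the property being called.
function memberCallWithReassigningArgument() {
  const o = { m: original };
  const result = o.m(o.m = replacement);
  return { result, mIsNowReplacement: o.m === replacement };
}
```

A compiler that re-reads the callee by name after evaluating the arguments returns 'replacement' in all three cases; the fix described above copies the callee into a temporary first so that the results below hold.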
2012-01-11 Michael Saboff <msaboff@apple.com>

        Merged ToT revision 104751

2012-01-11 Michael Saboff <msaboff@apple.com>

        v8-regexp spends 35% of its time allocating and copying internal regexp results data
        https://bugs.webkit.org/show_bug.cgi?id=76079

        Reviewed by Geoffrey Garen.

        Added a new RegExpResults struct that has the input string, the number of
        subexpressions and the output vector. Changed RegExpConstructor to
        include a RegExpConstructorPrivate instead of having a reference to one.
        Changed RegExpMatchesArray to include a RegExpResults instead of a
        reference to a RegExpConstructorPrivate. Created an overloaded assignment
        operator to assign a RegExpConstructorPrivate to a RegExpResults.
        Collectively this change is worth 24% performance improvement to v8-regexp.

        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpResult::operator=):
        (JSC::RegExpConstructor::RegExpConstructor):
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
        (JSC::RegExpMatchesArray::finishCreation):
        (JSC::RegExpMatchesArray::~RegExpMatchesArray):
        (JSC::RegExpMatchesArray::fillArrayInstance):
        (JSC::RegExpConstructor::arrayOfMatches):
        (JSC::RegExpConstructor::getBackref):
        (JSC::RegExpConstructor::getLastParen):
        (JSC::RegExpConstructor::getLeftContext):
        (JSC::RegExpConstructor::getRightContext):
        (JSC::RegExpConstructor::setInput):
        (JSC::RegExpConstructor::input):
        (JSC::RegExpConstructor::setMultiline):
        (JSC::RegExpConstructor::multiline):
        * runtime/RegExpConstructor.h:
        (JSC::RegExpResult::RegExpResult):
        (JSC::RegExpConstructor::performMatch):
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::create):
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::putByIndex):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::deletePropertyByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyNames):
2012-01-10 Filip Pizlo <fpizlo@apple.com>

        Merged ToT revision r103023.

2011-12-15 Filip Pizlo <fpizlo@apple.com>

        Value profiling should distinguish between NaN and non-NaN doubles
        https://bugs.webkit.org/show_bug.cgi?id=74682

        Reviewed by Gavin Barraclough.

        Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union

        * bytecode/PredictedType.cpp:
        (JSC::predictionToString):
        (JSC::predictionFromValue):
        * bytecode/PredictedType.h:
        (JSC::isDoubleRealPrediction):
        (JSC::isDoublePrediction):
2012-01-10 Filip Pizlo <fpizlo@apple.com>

        Merged ToT revision r104630.

2012-01-10 Filip Pizlo <fpizlo@apple.com>

        CodeBlock::m_numParameters should be encapsulated
        https://bugs.webkit.org/show_bug.cgi?id=75985
        <rdar://problem/10671020>

        Reviewed by Oliver Hunt.

        Encapsulated CodeBlock::m_numParameters and hooked argument profile creation
        into it. This appears to be performance neutral.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::setNumParameters):
        (JSC::CodeBlock::addParameter):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numParameters):
        (JSC::CodeBlock::addressOfNumParameters):
        (JSC::CodeBlock::offsetOfNumParameters):
        (JSC::CodeBlock::numberOfArgumentValueProfiles):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::addParameter):
        (JSC::BytecodeGenerator::emitReturn):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::AbstractState):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::slideRegisterWindowForCall):
        (JSC::Interpreter::dumpRegisters):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::prepareForRepeatCall):
        (JSC::JIT::privateCompile):
        (JSC::arityCheckFor):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
2012-01-09 Michael Saboff <msaboff@apple.com>

        Merged ToT WebKit r104429

2012-01-08 Ryosuke Niwa <rniwa@webkit.org>

        WinCE build fix after r104415.

        * jit/JITExceptions.cpp:
        * jit/JITExceptions.h:
2012-01-08 Filip Pizlo <fpizlo@apple.com>

        Merged ToT WebKit r104415.

2012-01-08 Filip Pizlo <fpizlo@apple.com>

        The JIT's protocol for exception handling should be available to other parts of the system
        https://bugs.webkit.org/show_bug.cgi?id=75808
        <rdar://problem/10661025>

        Reviewed by Oliver Hunt.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JITExceptions.cpp: Added.
        (JSC::genericThrow):
        * jit/JITExceptions.h: Added.
        * runtime/JSGlobalData.h:
2012-01-08 Filip Pizlo <fpizlo@apple.com>

        Merged ToT WebKit r104349.

2012-01-06 Filip Pizlo <fpizlo@apple.com>

        JIT stub slow paths that would be identical to that of an interpreter should be factored out
        https://bugs.webkit.org/show_bug.cgi?id=75743
        <rdar://problem/10657024>

        Reviewed by Geoff Garen.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/CommonSlowPaths.h: Added.
        (JSC::CommonSlowPaths::opInstanceOfSlow):
        (JSC::CommonSlowPaths::opIn):
        (JSC::CommonSlowPaths::opResolve):
        (JSC::CommonSlowPaths::opResolveSkip):
        (JSC::CommonSlowPaths::opResolveWithBase):
        (JSC::CommonSlowPaths::opResolveWithThis):

2012-01-06 Filip Pizlo <fpizlo@apple.com>

        Fixing jsc so that it will run without crashing on device.

        Reviewed by Gavin Barraclough.
2012-01-05 Michael Saboff <msaboff@apple.com>

        Merged ToT WebKit JavaScriptCore Changes up to r104219

        This change includes merges from OpenSource from the following JavaScriptCore
        change sets and corresponding changes in other parts of WebCore where needed.
        It also includes the proposed fix for bugzilla bug 75595.
        r100006 r100030 r100031 r100037 r100039 r100080 r100081 r100082 r100095 r100165
        r100166 r100167 r100168 r100171 r100175 r100195 r100197 r100200 r100202 r100205
        r100205 r100208 r100219 r100221 r100223 r100224 r100227 r100242 r100244 r100260
        r100310 r100314 r100315 r100320 r100363 r100375 r100385 r100391 r100405 r100412
        r100417 r100418 r100462 r100469 r100493 r100510 r100514 r100516 r100518 r100521
        r100523 r100527 r100537 r100540 r100544 r100556 r100672 r100729 r100810 r100820
        r100822 r100829 r100876 r100878 r100879 r100880 r100881 r100883 r100888 r100972
        r100975 r101042 r101054 r101147 r101148 r101151 r101152 r101186 r101187 r101217
        r101278 r101283 r101291 r101295 r101298 r101304 r101305 r101324 r101332 r101334
        r101426 r101443 r101447 r101448 r101450 r101457 r101473 r101521 r101528 r101539
        r101582 r101598 r101604 r101615 r101639 r101693 r101713 r101729 r101747 r101806
        r101886 r101910 r101942 r101945 r101946 r101964 r102011 r102017 r102028 r102038
        r102042 r102057 r102059 r102061 r102065 r102082 r102084 r102146 r102167 r102169
        r102179 r102182 r102194 r102200 r102220 r102261 r102293 r102295 r102298 r102302
        r102380 r102442 r102459 r102475 r102485 r102489 r102508 r102509 r102522 r102534
        r102545 r102546 r102547 r102549 r102550 r102623 r102629 r102631 r102692 r102694
        r102707 r102709 r102723 r102728 r102743 r102811 r102831 r102869 r102917 r102931
        r103023 r103028 r103083 r103127 r103144 r103202 r103218 r103243 r103287 r103292
        r103294 r103299 r103306 r103356 r103364 r103380 r103384 r103390 r103392 r103482
        r103522 r103587 r103594 r103598 r103599 r103604 r103626 r103636 r103637 r103641
        r103665 r103672 r103674 r103689 r103691 r103697 r103698 r103699 r103728 r103758
        r103792 r103818 r103823 r103887 r103921 r103922 r103924 r103926 r103958 r103960
        r103964 r103981 r104016 r104086 r104090 r104094 r104105 r104107 r104119 r104120
        r104184 r104212 r104219
2011-12-19 Gavin Barraclough <barraclough@apple.com>

        <rdar://problem/10537229> MERGE2: Crash on http://alibaba.com/

        Merged ToT WebKit r102200, r102811, and r103294.

2011-12-06 Filip Pizlo <fpizlo@apple.com>

        DFG 32_64 call linking does not handle non-cell callees correctly
        https://bugs.webkit.org/show_bug.cgi?id=73965

        Reviewed by Sam Weinig.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):

2011-12-14 Gavin Barraclough <barraclough@apple.com>

        DFG relies on returning a struct in registers
        https://bugs.webkit.org/show_bug.cgi?id=74527

        Reviewed by Geoff Garen.

        This will not work on all platforms. Returning a uint64_t will more reliably achieve
        what we want, on 32-bit platforms (on 64-bit, stick with the struct return).

        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        (JSC::DFG::DFGHandler::dfgHandlerEncoded):

2011-12-19 Gavin Barraclough <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=74903
        Exceptions not thrown correctly from DFG JIT on 32bit

        Reviewed by Oliver Hunt.

        Arguments for lookupExceptionHandler are not set up correctly.
        In the case of ARMv7 we rely on lr being preserved over a call;
        this is invalid. On x86 we should not be poking the arguments onto the stack!

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileBody):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addExceptionCheck):
        (JSC::DFG::JITCompiler::addFastExceptionCheck):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
2011-12-18 Benjamin Poulain <bpoulain@apple.com>

        De-virtualize iOS methods of JSObjects

        Reviewed by NOBODY (OOPS!).

        The patches r98203 and r99997 remove the virtual functions from JSObjects.

        After r103083, the iOS virtual functions break the build because the virtual
        destructors are removed.

        This patch implements shouldInterruptScriptBeforeTimeout() in a non-virtual way,
        similarly to what was done in r99997.

        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout):
        * runtime/TimeoutChecker.cpp:
        (JSC::TimeoutChecker::didTimeOut):
2011-12-09 Joseph Pecoraro <pecoraro@apple.com>

        <rdar://problem/9878650> Remove WebInspectorServer*HTTP code

        Reviewed by David Kilzer.

        * Configurations/FeatureDefines.xcconfig: Remove ENABLE_HTTP_INSPECTOR_SERVER

2011-12-09 Joseph Pecoraro <pecoraro@apple.com>

        Merged ToT WebKit r102011.

2011-12-06 Filip Pizlo <fpizlo@apple.com>

        Zapping a block that is Marked leads to dead objects being mistaken for live ones
        https://bugs.webkit.org/show_bug.cgi?id=73982

        Reviewed by Geoff Garen.

        Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally,
        the code asserts that:

        - If we zap a Marked or Zapped block then the free list is empty, because this
        can only happen if the block was never free-listed.

        - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated
        blocks are those that cannot be referred to by SizeClass::currentBlock (since
        SizeClass::currentBlock only refers to blocks that are candidates for allocation,
        and Allocated blocks are those who have been exhausted by allocation and will not
        be allocated from again), and New blocks cannot be referred to by anything except
        during a brief window inside the allocation slow-path.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::zapFreeList):

2011-11-29 Jer Noble <jer.noble@apple.com>

        iOS: Enable the Web Audio API
        <rdar://problem/10388394>

        Reviewed by NOBODY (OOPS!).

        Define the ENABLE_WEB_AUDIO macro in PLATFORM(IOS).

        * Configurations/FeatureDefines.xcconfig:
9361 2011-12-06 Joseph Pecoraro <pecoraro@apple.com>
9363 Merged ToT WebKit r102011.
9365 2011-12-01 Gavin Barraclough <barraclough@apple.com>
9367 https://bugs.webkit.org/show_bug.cgi?id=73624
9368 JIT + INTERPRETER builds are broken
9370 Reviewed by Geoff Garen, Sam Weinig.
9372 These don't fall back to the interpreter correctly.
9373 Thunk creation assumes that if the JIT is compiled in, then it is enabled.
9376 (JSC::JITThunks::JITThunks):
9377 * runtime/Executable.h:
9378 (JSC::NativeExecutable::create):
9379 (JSC::NativeExecutable::finishCreation):
9380 * runtime/JSGlobalData.cpp:
9381 (JSC::JSGlobalData::getHostFunction):
9405 2011-12-05 David Kilzer <ddkilzer@apple.com>
9407 <rdar://problem/10525873> Homebrew: JavaScriptCore-1009 failed to build ( #error Target architecture was not detected as supported by Double-Conversion. )
9409 Reviewed by Ian Henderson and Cameron "Nobody would design an FPU like Intel did these days" Zwarich.
9411 * wtf/dtoa/utils.h: Define
9412 DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS for CPU(ARM64).
9414 2011-12-03 Benjamin Poulain <bpoulain@apple.com>
9416 Merge WebKit ToT 100518.
9418 2011-11-16 Patrick Gansterer <paroga@webkit.org>
9420 Unreviewed. Build fix for !ENABLE(JIT) after r100363.
9422 * bytecode/CodeBlock.h:
9424 2011-11-14 Joseph Pecoraro <pecoraro@apple.com>
9426 Remove unused StringImpl::wordCount.
9428 Reviewed by Paul Knight.
9430 * wtf/text/StringImpl.cpp:
9431 * wtf/text/StringImpl.h:
9433 2011-11-10 David Kilzer <ddkilzer@apple.com>
9435 <rdar://problem/10423071> /System/Library/Frameworks/JavaScriptCore.framework should not exist, but does (72049)
9437 Merged ToT WebKit r99906.
9439 2011-11-10 David Kilzer <ddkilzer@apple.com>
9441 <http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR
9443 Reviewed by Joseph Pecoraro.
9445 * JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js
9446 script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath
9447 for installation. Also removed "Versions/A/" from the path
9448 since this is unneeded due to the default symlinks present in the
9451 2011-11-04 Pratik Solanki <psolanki@apple.com>
9453 Merged ToT WebKit r99333 to fix compiler warning in debug builds.
9455 2011-11-04 Pratik Solanki <psolanki@apple.com>
9457 sqrtDouble and andnotDouble should be declared noreturn
9458 https://bugs.webkit.org/show_bug.cgi?id=71592
9460 Reviewed by Sam Weinig.
9462 * assembler/MacroAssemblerARMv7.h:
9464 2011-10-16 David Kilzer <ddkilzer@apple.com>
9466 <rdar://problem/10291619> Fix arm64 build of JavaScriptCore, WebCore, WebKit
9468 Reviewed by Cameron Zwarich.
9470 * Configurations/Base.xcconfig: Don't use -Wshorten-64-to-32
9471 when building arm64. This matches Mac OS X 64-bit builds.
9472 * Configurations/JavaScriptCore.xcconfig: Set
9473 JSVALUE_MODEL_arm64 so the correct export file is found.
9474 * heap/MachineStackMarker.cpp: Update for arm64.
9475 (JSC::getPlatformThreadRegisters):
9476 (JSC::otherThreadStackPointer):
9477 * wtf/Platform.h: Define CPU(ARM64) and WTF_ARM_ARCH_VERSION for
9478 arm64 architecture. Disable the JIT on arm64 because it does
9479 not exist. Set WTF_USE_JSVALUE64 for arm64.
9481 2011-10-14 David Kilzer <ddkilzer@apple.com>
9483 <rdar://problem/10255213> JavaScriptCore_Sim fails to build for x86_64
9485 Reviewed by Joseph Pecoraro.
9487 * Configurations/Base.xcconfig: Don't use -Wshorten-64-to-32
9488 when building the 64-bit simulator. Matches Mac OS X 64-bit
9490 * wtf/Platform.h: Removed IOS_4_3_OR_LATER macro. Updated
9491 interpreter/JIT/YARR settings to separate iOS Simulator from
9492 current hardware, and removed old iOS and armv6 settings. This
9493 fixes a bug where WTF_USE_JSVALUE32_64 was being set for the
9494 simulator regardless of architecture.
9496 2011-09-30 Dan Bernstein <mitz@apple.com>
9498 Reviewed by Dave Kilzer.
9500 Renamed iPhone.xcconfig to iOS.xcconfig
9502 * Configurations/iOS.xcconfig: Copied from Source/JavaScriptCore/Configurations/iPhone.xcconfig.
9503 * Configurations/iPhone.xcconfig: Removed.
9504 * JavaScriptCore.xcodeproj/project.pbxproj:
9506 2011-09-22 Dan Bernstein <mitz@apple.com>
9508 Reviewed by Sam Weinig.
9510 Renamed directories and groups in the Xcode project from "iphone" to "ios".
9512 * JavaScriptCore.xcodeproj/project.pbxproj:
9513 * wtf/CrossThreadRefCounted.h:
9514 * wtf/MainThread.cpp:
9515 * wtf/ios: Copied from Source/JavaScriptCore/wtf/iphone.
9516 * wtf/iphone: Removed.
9517 * wtf/iphone/WebCoreThread.cpp: Removed.
9518 * wtf/iphone/WebCoreThread.h: Removed.
9520 2011-09-01 David Kilzer <ddkilzer@apple.com>
9522 Part 2 of 2: <rdar://problem/9139206> Build iOS WebKit with clang
9524 Reviewed by David Carson.
9526 * Configurations/CompilerVersion.xcconfig: Switch to using clang
9527 for both iphoneos and iphonesimulator platforms.
9529 2011-08-24 Matt Lilek <mlilek@apple.com>
9531 <rdar://problem/10018843> iOS: CVE-2011-2788: Buffer overrun in WebCore::InspectorBasicValue::writeJSON (52791)
9533 Merge OpenSource r88444.
9535 2011-06-08 Mikołaj Małecki <m.malecki@samsung.com>
9537 Reviewed by Pavel Feldman.
9539 Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
9540 https://bugs.webkit.org/show_bug.cgi?id=52791
9542 No new tests. The problem can be reproduced by trying to create InspectorValue
9543 from 1.0e-100 and call ->toJSONString() on this.
9545 * JavaScriptCore.exp:
9546 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
9547 export 2 functions DecimalNumber::bufferLengthForStringExponential and
9548 DecimalNumber::toStringExponential.
9550 2011-08-19 David Kilzer <ddkilzer@apple.com>
9552 <rdar://problem/9987571> iOS: REGRESSION: crash in JSC::setUpStaticFunctionSlot, found on jsfunfuzz
9554 Merged ToT WebKit r93048.
9556 2011-08-15 Gavin Barraclough <barraclough@apple.com>
9558 Crash accessing static property on sealed object
9559 https://bugs.webkit.org/show_bug.cgi?id=66242
9561 Reviewed by Sam Weinig.
9563 * runtime/JSObject.h:
9564 (JSC::JSObject::putDirectInternal):
9565 - should only check isExtensible if checkReadOnly.
9567 2011-08-16 Michael Saboff <msaboff@apple.com>
9569 <rdar://problem/9931094> REGRESSION (9A294-9A296): Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
9570 https://bugs.webkit.org/show_bug.cgi?id=66351
9572 Merge OpenSource r93189.
9574 2011-08-16 Michael Saboff <msaboff@apple.com>
9576 Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
9577 https://bugs.webkit.org/show_bug.cgi?id=66351
9579 JIT::privateCompilePutByIdTransition expects that regT0 and regT1
9580 have the basePayload and baseTag respectively. In some cases,
9581 we may get to this generated code with one or both of these
9582 registers trashed. One known case is that regT0 on ARM may be
9583 trashed as regT0 (r0) is also arg0 and can be overrun with sp due
9584 to calls to JIT::restoreReturnAddress(). This patch uses the
9585 values on the stack. A longer term solution is to work out all
9586 cases so that the register entry assumptions can be assured.
9588 While fixing this, also determined that the additional stack offset
9589 of sizeof(void*) is not needed for ARM.
9591 Reviewed by Gavin Barraclough.
9593 * jit/JITPropertyAccess32_64.cpp:
9594 (JSC::JIT::privateCompilePutByIdTransition):
9596 2011-07-31 Matt Lilek <mlilek@apple.com>
9598 <rdar://problem/9778751> iOS: CSSPrimitiveValue::getIntValue() and getFloatValue() should clamp to avoid overflow (53449)
9600 Merge OpenSource r89705.
9602 2011-06-24 Abhishek Arya <inferno@chromium.org>
9604 Reviewed by Darin Adler.
9606 Match other clampTo* functions in style with clampToInteger(float)
9608 https://bugs.webkit.org/show_bug.cgi?id=53449
9613 (clampToPositiveInteger):
9615 2011-07-31 Matt Lilek <mlilek@apple.com>
9617 <rdar://problem/9739105> iOS: Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/ (61585)
9619 Merge OpenSource r89614.
9621 2011-06-23 Gavin Barraclough <barraclough@apple.com>
9623 Reviewed by Oliver Hunt.
9625 https://bugs.webkit.org/show_bug.cgi?id=61585
9626 Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
9628 This is due to use of int instead of unsigned, bad math around
9631 * yarr/YarrInterpreter.cpp:
9632 (JSC::Yarr::ByteCompiler::emitDisjunction):
9633 - Change some uses of int to unsigned, refactor compare logic to
9634 restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
9636 (JSC::Yarr::YarrGenerator::generate):
9637 (JSC::Yarr::YarrGenerator::backtrack):
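A model of the int-versus-unsigned defect class behind the {2147483648,} crash above, added here as an example (this is not Yarr's code; parseQuantifierCount, rangeCheckSigned and rangeCheckUnsigned are hypothetical names, and the signed conversion assumes two's-complement wrap). The count is confined to the 0..2^32-1 range the fix describes, and the range comparison is shown both ways.

```cpp
#include <cstdint>
#include <limits>
#include <string>

// Largest repeat count this model can carry: 2^32-1, the upper end of the
// range the fix restricts quantifiers to. (Hypothetical constant.)
const uint32_t kMaxQuantifierCount = std::numeric_limits<uint32_t>::max();

// Parses the digits of a {n,m} quantifier into an unsigned count. Overflow is
// reported instead of silently wrapping, so the caller never sees a value
// outside 0..2^32-1. Accumulating in 64 bits keeps the check itself exact.
bool parseQuantifierCount(const std::string& digits, uint32_t& out)
{
    if (digits.empty())
        return false;
    uint64_t value = 0;
    for (char c : digits) {
        if (c < '0' || c > '9')
            return false;
        value = value * 10 + static_cast<uint64_t>(c - '0');
        if (value > kMaxQuantifierCount)
            return false;  // cannot be represented: reject rather than wrap
    }
    out = static_cast<uint32_t>(value);
    return true;
}

// Convenience wrapper for tests: the parsed count, or -1 on rejection.
int64_t parsedCountOrMinusOne(const std::string& digits)
{
    uint32_t count = 0;
    return parseQuantifierCount(digits, count) ? static_cast<int64_t>(count) : -1;
}

// The defect pattern: the same counts held in signed ints. 2147483648 is not
// representable, so with two's-complement wrap it becomes INT_MIN and a
// "minimum <= maximum" sanity check no longer means what it says: an invalid
// range such as {2147483648,5} passes, while a valid {3,2147483648} fails.
bool rangeCheckSigned(uint32_t minCount, uint32_t maxCount)
{
    int mn = static_cast<int>(minCount);
    int mx = static_cast<int>(maxCount);
    return mn <= mx;
}

// The corrected form: compare in the unsigned domain, 0..2^32-1 only.
bool rangeCheckUnsigned(uint32_t minCount, uint32_t maxCount)
{
    return minCount <= maxCount;
}
```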
9640 2011-07-31 Matt Lilek <mlilek@apple.com>
9642 <rdar://problem/9739059> iOS: CVE-2011-2354: REGRESSION (r82516): SecuritySaver: *exploitable* OOB read in WebCore::ImageBufferData::getData (61135)
9644 Merge OpenSource r87103.
9646 2011-05-23 Matthew Delaney <mdelaney@apple.com>
9648 Reviewed by Simon Fraser.
9650 Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
9651 https://bugs.webkit.org/show_bug.cgi?id=58216
9655 (clampToPositiveInteger):
9657 2011-08-10 Oliver Hunt <oliver@apple.com>
9659 <rdar://problem/9913449> REGRESSION: stringByEvaluatingJavaScriptFromString returns parameter passed to function instead of return value
9661 Merge WebKit TOT r92785
9663 2011-08-10 Oliver Hunt <oliver@apple.com>
9665 JSEvaluteScript does not return the correct object when given JSONP data
9666 https://bugs.webkit.org/show_bug.cgi?id=66003
9668 Reviewed by Gavin Barraclough.
9670 Make sure we propagate the result of the function call rather than the
9673 * interpreter/Interpreter.cpp:
9674 (JSC::Interpreter::execute):
9676 2011-08-08 Oliver Hunt <oliver@apple.com>
9678 <rdar://problem/9910251> Unable to free up JIT code due to guard pages
9680 Merge WebKit TOT r92635
9682 2011-08-08 Oliver Hunt <oliver@apple.com>
9684 Using mprotect to create guard pages breaks our use of madvise to release executable memory
9685 https://bugs.webkit.org/show_bug.cgi?id=65870
9687 Reviewed by Gavin Barraclough.
9689 Use mmap rather than mprotect to clear guard page permissions.
9691 * wtf/OSAllocatorPosix.cpp:
9692 (WTF::OSAllocator::reserveAndCommit):
9694 2011-08-07 Pratik Solanki <psolanki@apple.com>
9696 <rdar://problem/9884604> Should clean up JIT code when we get a memory warning
9698 Reviewed by Oliver Hunt.
9700 * JavaScriptCore.exp: Export JSGlobalData::recompileAllJSFunctions
9702 2011-08-06 Dan Bernstein <mitz@apple.com>
9704 Reviewed by Andy Estes.
9706 <rdar://problem/9909069> AtomicString::fromUTF8Internal() is not taking the AtomicString table lock
9708 * wtf/text/AtomicString.cpp:
9709 (WTF::AtomicString::fromUTF8Internal): Take the lock before calling addToStringTable().
9711 2011-08-04 Joseph Pecoraro <joepeck@webkit.org>
9713 Reviewed by David Carson.
9715 <rdar://problem/9795993> Remote Inspector: breakpoint hit inside touchend event prevents Safari from refreshing
9717 * wtf/MainThread.cpp:
9718 (WTF::setMainThreadCallbacksPaused): This is called when pausing
9719 JavaScript and is fine to call as long as the WebThread is locked.
9721 2011-07-28 Oliver Hunt <oliver@apple.com>
9723 <rdar://problem/9897283> Interpreter can potentially GC in the middle of initializing a structure chain (https://bugs.webkit.org/show_bug.cgi?id=65638)
9725 Merge WebKit TOT r92393
9727 2011-08-04 Mark Hahnenberg <mhahnenberg@apple.com>
9729 Interpreter can potentially GC in the middle of initializing a structure chain
9730 https://bugs.webkit.org/show_bug.cgi?id=65638
9732 Reviewed by Oliver Hunt.
9734 Moved the allocation of a prototype StructureChain before the initialization of
9735 the structure chain within the interpreter that was causing intermittent GC crashes.
9737 * interpreter/Interpreter.cpp:
9738 (JSC::Interpreter::tryCachePutByID):
9740 2011-08-02 Dan Bernstein <mitz@apple.com>
9742 Reviewed by Simon Fraser.
9744 <rdar://problem/9394430> WebKit can't show these emoji glyphs 1⃣2⃣3⃣4⃣5⃣6⃣7⃣ correctly unless proper font is being specified
9746 * wtf/unicode/CharacterNames.h: Added a constant for U+20E3 COMBINING ENCLOSING KEYCAP.
9748 2011-07-29 David Kilzer <ddkilzer@apple.com>
9750 <rdar://problem/9864012> Clean up compiler settings (ANGLE project doesn't specify compiler correctly)
9752 Reviewed by Joseph Pecoraro.
9754 * Configurations/CompilerVersion.xcconfig: Build Development
9755 and Development_Hardware configurations using clang.
9756 Deployment, Deployment_Hardware, Production_Deployment and
9757 Production_Hardware configurations still use llvm-gcc-4.2.
9759 2011-07-28 Oliver Hunt <oliver@apple.com>
9761 Reviewed by Joe Pecoraro.
9763 <rdar://problem/9859981> Remove accidentally committed ASSERT from interpreter
9765 Remove bogus assertion.
9767 * interpreter/Interpreter.cpp:
9768 (JSC::Interpreter::execute):
9770 2011-07-27 Oliver Hunt <oliver@apple.com>
9772 <rdar://problem/9826969> CRASH after running out of executable memory @ washingtonpost.com
9774 Merge WebKit TOT r91871
9776 2011-07-27 Oliver Hunt <oliver@apple.com>
9778 Handle callback oriented JSONP
9779 https://bugs.webkit.org/show_bug.cgi?id=65271
9781 Reviewed by Gavin Barraclough.
9783 Handle the callback oriented versions of JSONP. The Literal parser
9784 now handles <Identifier> (. <Identifier>)* (jsonData).
9786 * interpreter/Interpreter.cpp:
9787 (JSC::Interpreter::execute):
9788 * runtime/LiteralParser.cpp:
9789 (JSC::LiteralParser::tryJSONPParse):
9790 (JSC::LiteralParser::Lexer::lex):
9791 * runtime/LiteralParser.h:
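A recognizer for the `<Identifier> (. <Identifier>)* (jsonData)` form described in the entry above, added as an example that is not LiteralParser's code: tryJSONPParse here (a hypothetical name borrowed from the entry) only validates the callback path and isolates the argument text, and assumes ASCII identifiers and that a separate JSON parser validates the argument.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

// Outcome of recognising a callback-style JSONP payload.
struct JSONPCall {
    bool ok;
    std::string callbackPath;  // e.g. "jsonp.cb"
    std::string jsonArgument;  // the text between the parentheses
};

// ASCII-only identifier rules (hypothetical simplification).
static bool isIdentStart(unsigned char c) { return std::isalpha(c) || c == '_' || c == '$'; }
static bool isIdentPart(unsigned char c) { return std::isalnum(c) || c == '_' || c == '$'; }

static void skipWhitespace(const std::string& s, size_t& i)
{
    while (i < s.size() && std::isspace(static_cast<unsigned char>(s[i])))
        ++i;
}

// Accepts exactly: <Identifier> ( '.' <Identifier> )* '(' jsonData ')' [';']
// with nothing else before or after. Anything outside that shape is refused,
// so the fast path never has to evaluate the text as general JavaScript.
JSONPCall tryJSONPParse(const std::string& src)
{
    JSONPCall fail{false, "", ""};
    size_t i = 0;
    skipWhitespace(src, i);

    // Callback path: one identifier, optionally followed by .identifier ...
    std::string path;
    for (;;) {
        if (i >= src.size() || !isIdentStart(src[i]))
            return fail;
        size_t start = i;
        while (i < src.size() && isIdentPart(src[i]))
            ++i;
        path.append(src, start, i - start);
        if (i < src.size() && src[i] == '.') {
            path += '.';
            ++i;
            continue;
        }
        break;
    }

    skipWhitespace(src, i);
    if (i >= src.size() || src[i] != '(')
        return fail;
    ++i;

    // Find the ')' that closes the call. JSON nests only through [] and {},
    // and a ')' inside a string literal must not end the argument, so both
    // nesting depth and string state are tracked.
    int depth = 0;
    bool inString = false;
    size_t argStart = i;
    for (; i < src.size(); ++i) {
        char c = src[i];
        if (inString) {
            if (c == '\\') { ++i; continue; }  // skip the escaped character
            if (c == '"') inString = false;
            continue;
        }
        if (c == '"') inString = true;
        else if (c == '[' || c == '{') ++depth;
        else if (c == ']' || c == '}') { if (depth == 0) return fail; --depth; }
        else if (c == ')') { if (depth != 0) return fail; break; }
    }
    if (i >= src.size())
        return fail;  // unterminated call
    std::string arg = src.substr(argStart, i - argStart);
    ++i;

    // Optional trailing ';', then end of input: trailing code is rejected.
    skipWhitespace(src, i);
    if (i < src.size() && src[i] == ';') {
        ++i;
        skipWhitespace(src, i);
    }
    if (i != src.size())
        return fail;
    return {true, path, arg};
}
```

The strictness is the point: a payload such as `cb({}); alert(1)` is refused outright instead of being partially accepted.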
9793 2011-07-26 Oliver Hunt <oliver@apple.com>
9795 <rdar://problem/9844317> preventExtensions on host functions crashes
9797 Merge WebKit TOT r90402 and r90404
9799 2011-07-05 Gavin Barraclough <barraclough@apple.com>
9801 Build fix following last patch.
9803 * runtime/JSFunction.cpp:
9804 (JSC::createPrototypeProperty):
9806 2011-07-05 Gavin Barraclough <barraclough@apple.com>
9808 https://bugs.webkit.org/show_bug.cgi?id=63947
9809 ASSERT running Object.preventExtensions(Math.sin)
9811 Reviewed by Oliver Hunt.
9813 This is due to calling scope() on a hostFunction as a part of
9814 calling createPrototypeProperty to reify the prototype property.
9815 But host functions don't have a prototype property anyway!
9817 Prevent calling createPrototypeProperty on a host function.
9819 * runtime/JSFunction.cpp:
9820 (JSC::JSFunction::createPrototypeProperty):
9821 (JSC::JSFunction::preventExtensions):
9824 2011-07-25 Andy Estes <aestes@apple.com>
9826 Reviewed by Darin Adler.
9828 <rdar://problem/9827302> Add a compile-time option to enable the HTTP inspector server on the device.
9830 * Configurations/FeatureDefines.xcconfig: Add ENABLE_HTTP_INSPECTOR_SERVER.
9832 2011-07-25 Pratik Solanki <psolanki@apple.com>
9834 <rdar://problem/8727143> Investigate moving to the C CFNetwork APIs
9836 Reviewed by David Carson.
9838 Re-enable USE(CFNETWORK) on iOS. The issues with gmail are not as severe as I had initially
9843 2011-07-25 Oliver Hunt <oliver@apple.com>
9845 <rdar://problem/9837878> export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
9847 Merge WebKit TOT r91627
9849 2011-07-22 Sommer Panage <panage@apple.com>
9851 Reviewed by Oliver Hunt.
9853 export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
9854 https://bugs.webkit.org/show_bug.cgi?id=64981
9856 UIAutomation for iOS would like to support a JavaScript backtrace in our error logs.
9857 Currently, the C API does not provide the tools to do this. However, the private API
9858 does expose the necessary functionality to get a backtrace
9859 (via Interpreter::retrieveLastCaller). We recognize this information may result in
9860 failure in the cases of programs run by 'eval', stack frames beneath host function
9861 call frames, and in programs run from other programs. Thus, we propose exporting our
9862 JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
9863 we need while not advertising an API that isn't really ready for full use.
9865 * API/JSContextRef.cpp:
9866 * API/JSContextRefPrivate.h:
9867 * JavaScriptCore.exp:
9869 2011-07-25 Jon Lee <jonlee@apple.com>
9871 Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
9872 https://bugs.webkit.org/show_bug.cgi?id=65132
9873 <rdar://problem/9836297>
9875 Merge WebKit TOT r91706
9877 2011-07-25 Jon Lee <jonlee@apple.com>
9879 Reviewed by Oliver Hunt.
9881 Make sure the JIT is available to use before running the following calls:
9883 * bytecode/CodeBlock.cpp:
9884 (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
9885 * bytecode/CodeBlock.h:
9886 (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
9888 2011-07-22 Pratik Solanki <psolanki@apple.com>
9890 Unreviewed. Disable USE(CFNETWORK) until we can fix issues with gmail <rdar://9826491>.
9894 2011-07-22 Pratik Solanki <psolanki@apple.com>
9896 <rdar://problem/8727143> Investigate moving to the C CFNetwork APIs
9898 Reviewed by David Carson.
9900 Enable USE(CFNETWORK) on iOS. Instead of using the Foundation based network loader in
9901 WebCore, we now use the CF based loader. This gives us around 3% perf win on the PLT power
9902 pages. While this is a big change, I have been living on versions of this change for over a
9903 week now. I have also run the stress test and not seen any issues related to this change.
9907 2011-07-19 Oliver Hunt <oliver@apple.com>
9909 <rdar://problem/9804094> API GC throws away compiled code; can cause pathological compilation churn
9911 Merge WebKit TOT r91401
9913 2011-07-20 Oliver Hunt <oliver@apple.com>
9915 Don't throw away code when JSGarbageCollect API is called
9916 https://bugs.webkit.org/show_bug.cgi?id=64894
9918 Reviewed by Sam Weinig.
9920 Just call collectAllGarbage. That will clean up all unneeded
9921 code without causing any pathological recompilation problems.
9926 2011-07-19 Oliver Hunt <oliver@apple.com>
9928 <rdar://problem/9734627> MarketDash crashed in JSC::slowValidateCell
9930 Merge WebKit TOT r91394
9932 2011-07-20 Oliver Hunt <oliver@apple.com>
9934 Codeblock doesn't visit cached structures in global resolve instructions
9935 https://bugs.webkit.org/show_bug.cgi?id=64889
9937 Reviewed by Sam Weinig.
9939 Visit the global resolve instructions. This fixes a couple
9940 of random crashes seen in the jquery tests when using the
9943 * bytecode/CodeBlock.cpp:
9944 (JSC::CodeBlock::visitAggregate):
9946 2011-07-19 Oliver Hunt <oliver@apple.com>
9948 <rdar://problem/9652614> Turn GC Validation off again
9950 Reviewed by Gavin Barraclough.
9952 Return GC validation to its normal debug only mode.
9956 2011-07-14 Michael Saboff <msaboff@apple.com>
9958 <rdar://problem/9776826> Optimise performance of .*string.* regexps in browser mark
9960 Merge WebKit TOT r90962
9962 2011-07-13 Michael Saboff <msaboff@apple.com>
9964 https://bugs.webkit.org/show_bug.cgi?id=64202
9965 Enh: Improve handling of RegExp in the form of /.*blah.*/
9967 Reviewed by Gavin Barraclough.
9969 Added code to both the Yarr interpreter and JIT to handle
9970 these expressions a little differently. First off, the terms
9971 in between the leading and trailing .*'s cannot capture and
9972 also this enhancement is limited to single alternative expressions.
9973 If an expression is of the right form with the aforementioned
9974 restrictions, we process the inner terms and then look for the
9975 beginning of the string and end of the string. There is handling
9976 for multiline expressions to allow the beginning and end to be
9977 right after and right before newlines.
9979 This enhancement speeds up expressions of this type 12x on
9982 Cleaned up 'case' statement indentation.
9984 A new set of tests was added as LayoutTests/fast/regex/dotstar.html
9986 * yarr/YarrInterpreter.cpp:
9987 (JSC::Yarr::Interpreter::InputStream::end):
9988 (JSC::Yarr::Interpreter::matchDotStarEnclosure):
9989 (JSC::Yarr::Interpreter::matchDisjunction):
9990 (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
9991 (JSC::Yarr::ByteCompiler::emitDisjunction):
9992 * yarr/YarrInterpreter.h:
9993 (JSC::Yarr::ByteTerm::DotStarEnclosure):
9995 (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
9996 (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
9997 (JSC::Yarr::YarrGenerator::generateTerm):
9998 (JSC::Yarr::YarrGenerator::backtrackTerm):
9999 * yarr/YarrPattern.cpp:
10000 (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
10001 (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
10002 (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
10003 (JSC::Yarr::YarrPattern::compile):
10004 * yarr/YarrPattern.h:
10005 (JSC::Yarr::PatternTerm::PatternTerm):
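The DotStarEnclosure step described above, as an added example that is not JavaScriptCore's own code: the inner terms are stood in for by a literal substring search (a hypothetical simplification; EnclosureMatch, isLineTerminator and matchDotStarEnclosure are names chosen here), the pattern is assumed to be a single alternative without captures as the entry requires, and the anchor/multiline rule follows the entry's description.

```cpp
#include <cstddef>
#include <string>

// Result of the fast path: whether it matched and the [begin, end) span.
struct EnclosureMatch {
    bool matched;
    size_t begin;
    size_t end;
};

// JavaScript's '.' never matches a line terminator, so a leading or trailing
// .* can only extend as far as the nearest one. (Hypothetical helper: only
// '\n' and '\r' are treated as terminators; U+2028/U+2029 are omitted.)
static bool isLineTerminator(char c)
{
    return c == '\n' || c == '\r';
}

// Models the enclosure step for a pattern of the form /^?.*inner.*$?/.
// `inner` stands in for the already-matched inner terms. After it is found,
// the span is widened to the enclosing line, and the optional ^ and $ anchors
// are checked: without the multiline flag they must coincide with the start
// and end of the string; with it, "right after" / "right before" a newline
// is enough.
EnclosureMatch matchDotStarEnclosure(const std::string& subject,
                                     const std::string& inner,
                                     bool bolAnchor, bool eolAnchor,
                                     bool multiline)
{
    // 1. Match the inner terms (here: the leftmost literal occurrence).
    size_t pos = subject.find(inner);
    if (pos == std::string::npos)
        return {false, 0, 0};

    // 2. Widen backwards: the leading .* consumes everything after the
    //    previous line terminator, or from the start of the string.
    size_t begin = pos;
    while (begin > 0 && !isLineTerminator(subject[begin - 1]))
        --begin;

    // 3. Widen forwards: the trailing .* consumes up to the next terminator,
    //    or to the end of the string.
    size_t end = pos + inner.size();
    while (end < subject.size() && !isLineTerminator(subject[end]))
        ++end;

    // 4. Anchor check. A match that stopped at an interior newline satisfies
    //    ^ or $ only in multiline mode.
    if (!multiline) {
        if (bolAnchor && begin != 0)
            return {false, 0, 0};
        if (eolAnchor && end != subject.size())
            return {false, 0, 0};
    }
    return {true, begin, end};
}
```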
10007 2011-07-12 Oliver Hunt <oliver@apple.com>
10009 <rdar://problem/9760209> ASSERT_GC_OBJECT_INHERITS failure loading sportscheck.com
10011 Merge TOT WebKit r90875
10013 2011-07-12 Oliver Hunt <oliver@apple.com>
10015 Overzealous type validation in method_check
10016 https://bugs.webkit.org/show_bug.cgi?id=64415
10018 Reviewed by Gavin Barraclough.
10020 method_check is essentially just a value look up
10021 optimisation, but it internally stores the value
10022 as a JSFunction, even though it never relies on
10023 this fact. Under GC validation however we end up
10024 trying to enforce that assumption. The fix is
10025 simply to store the value as a correct supertype.
10027 * bytecode/CodeBlock.h:
10028 * dfg/DFGRepatch.cpp:
10029 (JSC::DFG::dfgRepatchGetMethodFast):
10030 (JSC::DFG::tryCacheGetMethod):
10032 * jit/JITPropertyAccess.cpp:
10033 (JSC::JIT::patchMethodCallProto):
10034 * jit/JITStubs.cpp:
10035 (JSC::DEFINE_STUB_FUNCTION):
10037 2011-07-08 Dan Bernstein <mitz@apple.com>
10039 Some preparation for <rdar://problem/9394430> WebKit can't show these emoji glyphs correctly unless proper font is being specified
10041 Merged TOT WebKit r88477.
10043 2011-06-09 Dan Bernstein <mitz@apple.com>
10045 Reviewed by Anders Carlsson.
10047 Add Vector::reverse()
10048 https://bugs.webkit.org/show_bug.cgi?id=62393
10051 (WTF::Vector::reverse): Added
10053 2011-07-07 Oliver Hunt <oliver@apple.com>
10055 <rdar://problem/9147974> 12% of nytimes.com uncached page load spent beneath JIT::privateCompile
10057 Merge WebKit TOT r90586
10059 2011-07-07 Oliver Hunt <oliver@apple.com>
10061 Encode jump and link sizes into the appropriate enums
10062 https://bugs.webkit.org/show_bug.cgi?id=64123
10064 Reviewed by Sam Weinig.
10066 Finally kill off the out of line jump and link size arrays,
10067 so we can avoid icky loads and constant fold the linking arithmetic.
10069 * assembler/ARMv7Assembler.cpp:
10070 * assembler/ARMv7Assembler.h:
10071 (JSC::ARMv7Assembler::jumpSizeDelta):
10072 (JSC::ARMv7Assembler::computeJumpType):
10074 2011-07-06 Oliver Hunt <oliver@apple.com>
10076 Reviewed by Pratik Solanki.
10078 <rdar://problem/9723249> core.caseware.com does not run correctly in telluride.
10080 The 32bit path for call code generation was not correctly setting
10081 the call type flag on its call info. This then caused us to link
10082 the wrong linking thunk when we unlinked a call site. This broke
10083 core.caseware.com due to memory pressure triggering our unlinking
10084 logic. After the fix for rdar://problem/9722210 we ended up
10085 using this unlinking logic much more often, so breaking a variety
10088 This isn't a ToT WebKit merge as ToT WebKit has some substantial
10089 refactoring to the call logic so a straight merge would be pointless.
10091 Equivalent ToT WebKit change was part of
10092 https://bugs.webkit.org/show_bug.cgi?id=63980
10093 http://trac.webkit.org/changeset/90443
10095 * jit/JITCall32_64.cpp:
10096 (JSC::JIT::compileOpCall):
10098 2011-07-05 David Kilzer <ddkilzer@apple.com>
10100 Switch to using llvm-gcc-4.2 when compiling for the iOS Simulator
10102 Reviewed by Paul Knight.
10104 Fixes: <rdar://problem/9723537> SWB: JavaScriptCore_Sim hardcodes use of (soon-to-be-obsolete) gcc-4.2
10106 * Configurations/CompilerVersion.xcconfig:
10107 (TARGET_GCC_VERSION_iphonesimulator): Switched to LLVM_GCC_42.
10109 2011-07-05 Oliver Hunt <oliver@apple.com>
10111 <rdar://problem/9147974> 12% of nytimes.com uncached page load spent beneath JIT::privateCompile
10113 Merge WebKit TOT r90426
10115 2011-07-05 Oliver Hunt <oliver@apple.com>
10117 Force inlining of simple functions that show up as not being inlined
10118 https://bugs.webkit.org/show_bug.cgi?id=63964
10120 Reviewed by Gavin Barraclough.
10122 Looking at profile data indicates that gcc is failing to inline a
10123 number of trivial functions. This patch hits the ones that show
10124 up in profiles with the ALWAYS_INLINE hammer.
10126 We also replace the memcpy() call in linking with a manual loop.
10127 Apparently memcpy() is almost never faster than an inlined loop.
10129 * assembler/ARMv7Assembler.h:
10130 (JSC::ARMv7Assembler::add):
10131 (JSC::ARMv7Assembler::add_S):
10132 (JSC::ARMv7Assembler::ARM_and):
10133 (JSC::ARMv7Assembler::asr):
10134 (JSC::ARMv7Assembler::b):
10135 (JSC::ARMv7Assembler::blx):
10136 (JSC::ARMv7Assembler::bx):
10137 (JSC::ARMv7Assembler::clz):
10138 (JSC::ARMv7Assembler::cmn):
10139 (JSC::ARMv7Assembler::cmp):
10140 (JSC::ARMv7Assembler::eor):
10141 (JSC::ARMv7Assembler::it):
10142 (JSC::ARMv7Assembler::ldr):
10143 (JSC::ARMv7Assembler::ldrCompact):
10144 (JSC::ARMv7Assembler::ldrh):
10145 (JSC::ARMv7Assembler::ldrb):
10146 (JSC::ARMv7Assembler::lsl):
10147 (JSC::ARMv7Assembler::lsr):
10148 (JSC::ARMv7Assembler::movT3):
10149 (JSC::ARMv7Assembler::mov):
10150 (JSC::ARMv7Assembler::movt):
10151 (JSC::ARMv7Assembler::mvn):
10152 (JSC::ARMv7Assembler::neg):
10153 (JSC::ARMv7Assembler::orr):
10154 (JSC::ARMv7Assembler::orr_S):
10155 (JSC::ARMv7Assembler::ror):
10156 (JSC::ARMv7Assembler::smull):
10157 (JSC::ARMv7Assembler::str):
10158 (JSC::ARMv7Assembler::sub):
10159 (JSC::ARMv7Assembler::sub_S):
10160 (JSC::ARMv7Assembler::tst):
10161 (JSC::ARMv7Assembler::linkRecordSourceComparator):
10162 (JSC::ARMv7Assembler::link):
10163 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
10164 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
10165 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
10166 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
10167 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
10168 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
10169 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
10170 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
10171 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
10172 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
10173 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
10174 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
10175 (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
10176 (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
10177 * assembler/LinkBuffer.h:
10178 (JSC::LinkBuffer::linkCode):
10179 * assembler/MacroAssemblerARMv7.h:
10180 (JSC::MacroAssemblerARMv7::nearCall):
10181 (JSC::MacroAssemblerARMv7::call):
10182 (JSC::MacroAssemblerARMv7::ret):
10183 (JSC::MacroAssemblerARMv7::moveWithPatch):
10184 (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
10185 (JSC::MacroAssemblerARMv7::storePtrWithPatch):
10186 (JSC::MacroAssemblerARMv7::tailRecursiveCall):
10187 (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
10188 (JSC::MacroAssemblerARMv7::jump):
10189 (JSC::MacroAssemblerARMv7::makeBranch):
10191 2011-07-05 Oliver Hunt <oliver@apple.com>
10193 <rdar://problem/9722210> Don't recompile repeatedly during page loading
10195 Merge WebKit TOT r90415
10197 2011-07-05 Oliver Hunt <oliver@apple.com>
10199 Don't throw out compiled code repeatedly
10200 https://bugs.webkit.org/show_bug.cgi?id=63960
10202 Reviewed by Gavin Barraclough.
10204 Stop throwing away all compiled code every time
10205 we're told to do a full GC. Instead unlink all
10206 callsites during such GC passes to maximise the
10207 number of collectable functions, but otherwise
10208 leave compiled functions alone.
10211 (JSGarbageCollect):
10212 * bytecode/CodeBlock.cpp:
10213 (JSC::CodeBlock::visitAggregate):
10215 (JSC::Heap::collectAllGarbage):
10216 * heap/MarkStack.h:
10217 (JSC::MarkStack::shouldUnlinkCalls):
10218 (JSC::MarkStack::setShouldUnlinkCalls):
10219 * runtime/JSGlobalData.cpp:
10220 (JSC::JSGlobalData::recompileAllJSFunctions):
10221 (JSC::JSGlobalData::releaseExecutableMemory):
10222 * runtime/RegExp.cpp:
10223 (JSC::RegExp::compile):
10224 (JSC::RegExp::invalidateCode):
10225 * runtime/RegExp.h:
10227 2011-07-01 Oliver Hunt <oliver@apple.com>
10229 <rdar://problem/9706758> IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren() (63732)
10231 Merge WebKit ToT r90282
10233 2011-07-01 Oliver Hunt <oliver@apple.com>
10235 IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
10236 https://bugs.webkit.org/show_bug.cgi?id=63732
10238 Reviewed by Gavin Barraclough.
10240 Initialise the memory at the head of the new storage so that
10241 GC is safe if triggered by reportExtraMemoryCost.
10243 * runtime/JSArray.cpp:
10244 (JSC::JSArray::increaseVectorPrefixLength):
10246 2011-07-01 Oliver Hunt <oliver@apple.com>
10248 <rdar://problem/9655973> GC allocation sequencing can be incorrect
10250 Merge WebKit ToT r90273
10252 2011-07-01 Oliver Hunt <oliver@apple.com>
10254 GC sweep can occur before an object is completely initialised
10255 https://bugs.webkit.org/show_bug.cgi?id=63836
10257 Reviewed by Gavin Barraclough.
10259 In rare cases it's possible for a GC sweep to occur while a
10260 live, but not completely initialised object is on the stack.
10261 In such a case we may incorrectly choose to mark it, even
10262 though it has no children that need marking.
10264 We resolve this by always zeroing out the structure of any
10265 value returned from JSCell::operator new(), and making the
10266 markstack tolerant of a null structure.
10268 * runtime/JSCell.h:
10269 (JSC::JSCell::JSCell::~JSCell):
10270 (JSC::JSCell::JSCell::operator new):
10271 * runtime/Structure.h:
10272 (JSC::MarkStack::internalAppend):
10274 2011-07-01 David Kilzer <ddkilzer@apple.com>
10276 <rdar://problem/9674091> JavaScriptCore should build for armv7f and armv7s
10278 Reviewed by David Carson.
10280 Original patch by Denis Palmans <dpalmans@apple.com>.
10282 * Configurations/Base.xcconfig: Don't override VALID_ARCHS when
10283 building for iphoneos or iphonesimulator SDKs. This keeps the
10284 original value of VALID_ARCHS and only adds platform-specific
10286 * Configurations/JavaScriptCore.xcconfig: Added support for
10287 armv7f and armv7s when setting JSVALUE_MODEL.
10288 * wtf/Platform.h: Make sure WTF_ARM_ARCH_VERSION and
10289 WTF_THUMB_ARCH_VERSION are set for armv7f and armv7s.
10291 2011-07-01 Oliver Hunt <oliver@apple.com>
10293 Debug build fix. Apparently I didn't do a debug build
10294 following one of yesterday's merges.
10297 (JSC::Heap::getConservativeRegisterRoots):
10299 2011-07-01 David Kilzer <ddkilzer@apple.com>
10301 Fix clang build error in JITOpcodes32_64.cpp
10303 Merge ToT WebKit r90232.
10305 2011-07-01 David Kilzer <ddkilzer@apple.com>
10307 <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
10309 Fixes the following build error in clang:
10311 JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
10312 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
10313 ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
10314 JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
10315 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
10318 fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
10319 fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
10320 JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
10321 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
10322 ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10325 * jit/JITOpcodes32_64.cpp:
10326 (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
10327 ternary expression evaluate first.
10329 2011-06-30 Oliver Hunt <oliver@apple.com>
10331 <rdar://problem/9665160> ASSERT in JSC::JITCode::size() when running non-JIT enabled scripter
10333 Merge WebKit ToT r89964
10335 2011-06-28 Oliver Hunt <oliver@apple.com>
10337 Reviewed by Gavin Barraclough.
10339 ASSERT when launching debug builds with interpreter and jit enabled
10340 https://bugs.webkit.org/show_bug.cgi?id=63566
10342 Add appropriate guards to the various Executable's memory reporting
10345 * runtime/Executable.cpp:
10346 (JSC::EvalExecutable::compileInternal):
10347 (JSC::ProgramExecutable::compileInternal):
10348 (JSC::FunctionExecutable::compileForCallInternal):
10349 (JSC::FunctionExecutable::compileForConstructInternal):
10351 2011-06-30 Oliver Hunt <oliver@apple.com>
10353 <rdar://problem/8961198> Crashes seen after running out of executable memory
10355 Merge WebKit ToT r89630, r89885, r89887
10357 2011-06-27 Ryosuke Niwa <rniwa@webkit.org>
10359 Build fix attempt after r89885.
10361 * JavaScriptCore.exp:
10364 2011-06-27 Oliver Hunt <oliver@apple.com>
10366 Reviewed by Geoffrey Garen.
10368 Support throwing away non-running code even while other code is running
10369 https://bugs.webkit.org/show_bug.cgi?id=63485
10371 Add a function to CodeBlock to support unlinking direct linked callsites,
10372 and then with that in place add logic to discard code from any function
10373 that is not currently on the stack.
10375 The unlinking completely reverts any optimized call sites, such that they
10376 may be relinked again in future.
10378 * JavaScriptCore.exp:
10379 * bytecode/CodeBlock.cpp:
10380 (JSC::CodeBlock::unlinkCalls):
10381 (JSC::CodeBlock::clearEvalCache):
10382 * bytecode/CodeBlock.h:
10383 (JSC::CallLinkInfo::CallLinkInfo):
10384 (JSC::CallLinkInfo::unlink):
10385 * bytecode/EvalCodeCache.h:
10386 (JSC::EvalCodeCache::clear):
10388 (JSC::Heap::getConservativeRegisterRoots):
10391 (JSC::JIT::privateCompile):
10394 (JSC::JIT::compileOpCall):
10395 * jit/JITWriteBarrier.h:
10396 (JSC::JITWriteBarrierBase::clear):
10398 (GlobalObject::GlobalObject):
10399 (functionReleaseExecutableMemory):
10400 * runtime/Executable.cpp:
10401 (JSC::EvalExecutable::unlinkCalls):
10402 (JSC::ProgramExecutable::unlinkCalls):
10403 (JSC::FunctionExecutable::discardCode):
10404 (JSC::FunctionExecutable::unlinkCalls):
10405 * runtime/Executable.h:
10406 * runtime/JSGlobalData.cpp:
10407 (JSC::SafeRecompiler::returnValue):
10408 (JSC::SafeRecompiler::operator()):
10409 (JSC::JSGlobalData::releaseExecutableMemory):
10411 2011-06-23 Oliver Hunt <oliver@apple.com>
10413 Reviewed by Gavin Barraclough.
10415 Add the ability to dynamically modify linked call sites
10416 https://bugs.webkit.org/show_bug.cgi?id=63291
10418 Add JITWriteBarrier as a writebarrier class that allows
10419 reading and writing directly into the code stream.
10421 This required adding logic to all the assemblers to allow
10422 us to read values back out of the instruction stream.
10424 * JavaScriptCore.xcodeproj/project.pbxproj:
10425 * assembler/ARMAssembler.h:
10426 (JSC::ARMAssembler::readPointer):
10427 * assembler/ARMv7Assembler.h:
10428 (JSC::ARMv7Assembler::readPointer):
10429 (JSC::ARMv7Assembler::readInt32):
10430 (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
10431 (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
10432 * assembler/AbstractMacroAssembler.h:
10433 (JSC::AbstractMacroAssembler::readPointer):
10434 * assembler/MIPSAssembler.h:
10435 (JSC::MIPSAssembler::readInt32):
10436 (JSC::MIPSAssembler::readPointer):
10437 * assembler/MacroAssemblerCodeRef.h:
10438 (JSC::MacroAssemblerCodePtr::operator!):
10439 * assembler/SH4Assembler.h:
10440 (JSC::SH4Assembler::readPCrelativeAddress):
10441 (JSC::SH4Assembler::readPointer):
10442 (JSC::SH4Assembler::readInt32):
10443 * assembler/X86Assembler.h:
10444 (JSC::X86Assembler::readPointer):
10445 * bytecode/CodeBlock.cpp:
10446 (JSC::CodeBlock::visitAggregate):
10447 * bytecode/CodeBlock.h:
10448 (JSC::MethodCallLinkInfo::seenOnce):
10449 (JSC::MethodCallLinkInfo::setSeen):
10450 * heap/MarkStack.h:
10452 (JSC::JIT::privateCompile):
10453 (JSC::JIT::linkCall):
10454 (JSC::JIT::linkConstruct):
10455 * jit/JITPropertyAccess.cpp:
10456 (JSC::JIT::patchMethodCallProto):
10457 * jit/JITPropertyAccess32_64.cpp:
10458 * jit/JITWriteBarrier.h: Added.
10459 (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
10460 (JSC::JITWriteBarrierBase::operator!):
10461 (JSC::JITWriteBarrierBase::setFlagOnBarrier):
10462 (JSC::JITWriteBarrierBase::isFlagged):
10463 (JSC::JITWriteBarrierBase::setLocation):
10464 (JSC::JITWriteBarrierBase::location):
10465 (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
10466 (JSC::JITWriteBarrierBase::set):
10467 (JSC::JITWriteBarrierBase::get):
10468 (JSC::JITWriteBarrier::JITWriteBarrier):
10469 (JSC::JITWriteBarrier::set):
10470 (JSC::JITWriteBarrier::get):
10471 (JSC::MarkStack::append):
10473 2011-06-30 Oliver Hunt <oliver@apple.com>
10475 <rdar://problem/8913432> Crash after running out of executable memory @ syntensity.com python simulator (requires 33.7MB for large array literals)
10477 Merge WebKit ToT r89954, r89959
10479 2011-06-28 Oliver Hunt <oliver@apple.com>
10481 Fix interpreter build.
10483 * interpreter/Interpreter.cpp:
10484 (JSC::Interpreter::privateExecute):
10486 2011-06-28 Oliver Hunt <oliver@apple.com>
10488 Reviewed by Gavin Barraclough.
10490 Make constant array optimisation less strict about what constitutes a constant
10491 https://bugs.webkit.org/show_bug.cgi?id=63554
10493 Now allow string constants in array literals to actually be considered constant,
10494 and so avoid codegen in array literals with strings in them.
10496 * bytecode/CodeBlock.h:
10497 (JSC::CodeBlock::addConstantBuffer):
10498 (JSC::CodeBlock::constantBuffer):
10499 * bytecompiler/BytecodeGenerator.cpp:
10500 (JSC::BytecodeGenerator::addConstantBuffer):
10501 (JSC::BytecodeGenerator::addStringConstant):
10502 (JSC::BytecodeGenerator::emitNewArray):
10503 * bytecompiler/BytecodeGenerator.h:
10504 * interpreter/Interpreter.cpp:
10505 (JSC::Interpreter::privateExecute):
10506 * jit/JITStubs.cpp:
10507 (JSC::DEFINE_STUB_FUNCTION):
10509 2011-06-30 Oliver Hunt <oliver@apple.com>
10511 <rdar://problem/8940085> Stress Test Crash: JavaScriptCore: JSC::RegExp::match(JSC::UString const&, int, WTF::Vector<int, 32ul>*) (RefPtr.h:60)
10513 Merge WebKit TOT r89729
10515 2011-06-24 Michael Saboff <msaboff@apple.com>
10517 Reviewed by Gavin Barraclough.
10519 Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
10520 https://bugs.webkit.org/show_bug.cgi?id=63345
10522 The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
10523 return 9 and 10 bit quantities, therefore changed their return type from
10524 uint8_t to uint16_t. Also cast the places where they are used, as they
10525 are currently shifted and used as 7 or 8 bit values.
10527 These methods are currently used for literals for stack offsets,
10528 including creating and destroying stack frames. The prior truncation of
10529 the upper bits caused stack frames to be too small, thus allowing a
10530 JIT'ed function to access and overwrite stack space outside of the
10531 incorrectly sized stack frame.
10533 * assembler/ARMv7Assembler.h:
10534 (JSC::ARMThumbImmediate::getUInt9):
10535 (JSC::ARMThumbImmediate::getUInt10):
10536 (JSC::ARMv7Assembler::add):
10537 (JSC::ARMv7Assembler::ldr):
10538 (JSC::ARMv7Assembler::str):
10539 (JSC::ARMv7Assembler::sub):
10540 (JSC::ARMv7Assembler::sub_S):
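The truncation the entry above describes, as an added example that is not JavaScriptCore's code: a simplified model of the 9-bit stack-offset immediate and the Thumb "ADD SP, SP, #imm7*4" encoder, showing the frame size a uint8_t getter produces beside the fixed uint16_t one. The names (StackImmediate, encodeAddSp, frameSizeWithBug, frameSizeFixed) and the encoding sketch are this example's own assumptions, not the assembler's API.

```cpp
// Added example, not JSC code. Models why narrowing a 9-bit immediate to
// uint8_t yields an undersized stack frame: the encoder shifts the offset
// right by 2 and packs it into a 7-bit field, so a top bit lost before the
// shift silently shrinks the frame a JIT'ed function reserves.
#include <cstdint>
#include <cstdio>

// A stack-offset immediate: a multiple of 4 below 512, i.e. it fits 9 bits.
// (Simplified stand-in for the assembler's immediate class.)
struct StackImmediate {
    uint32_t value;
    bool isUInt9() const { return (value & ~0x1fcu) == 0; }

    // Buggy shape: the 9-bit quantity is narrowed to 8 bits on return.
    uint8_t getUInt9Truncated() const { return static_cast<uint8_t>(value); }
    // Fixed shape: wide enough to carry all 9 bits.
    uint16_t getUInt9() const { return static_cast<uint16_t>(value); }
};

// Encode "ADD SP, SP, #imm" in the 16-bit Thumb form 1011 0000 0 imm7,
// where imm7 = offset / 4. Simplified model of the encoder.
inline uint16_t encodeAddSp(uint16_t imm9) {
    return static_cast<uint16_t>(0xB000u | ((imm9 >> 2) & 0x7fu));
}

// Decode the byte offset the CPU actually applies for an encoded instruction.
inline uint32_t decodeAddSpOffset(uint16_t insn) {
    return static_cast<uint32_t>(insn & 0x7fu) << 2;
}

// Frame size actually reserved when the truncating getter feeds the encoder.
// Returns 0 for offsets outside the 9-bit form (a different encoding applies).
uint32_t frameSizeWithBug(uint32_t requested) {
    StackImmediate imm{requested};
    if (!imm.isUInt9()) return 0;
    return decodeAddSpOffset(encodeAddSp(imm.getUInt9Truncated()));
}

// Frame size reserved with the widened getter.
uint32_t frameSizeFixed(uint32_t requested) {
    StackImmediate imm{requested};
    if (!imm.isUInt9()) return 0;
    return decodeAddSpOffset(encodeAddSp(imm.getUInt9()));
}

int main() {
    // Constructed sample offsets; anything >= 256 exposes the dropped bit.
    const uint32_t requests[] = {64u, 252u, 256u, 260u, 508u};
    for (uint32_t requested : requests) {
        std::printf("requested %3u bytes -> buggy frame %3u, fixed frame %3u\n",
                    requested, frameSizeWithBug(requested), frameSizeFixed(requested));
    }
    return 0;
}
```

A 260-byte frame request comes out as a 4-byte frame under the truncating getter, so locals spill past the frame the JIT believed it had reserved.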
10542 2011-06-21 Oliver Hunt <oliver@apple.com>
10544 Reviewed by Dave Carson and Geoff Garen.
10546 <rdar://problem/9473586> Crash in JSC::Structure::visitChildren running AdSheet tests
10548 Enabling GC validation for all builds to once again try
10549 to track down some of the GC crashers.
10551 Turning validation off again is tracked by:
10552 <rdar://problem/9652614> Turn GC Validation off again
10556 2011-06-20 Oliver Hunt <oliver@apple.com>
10558 <rdar://problem/8938997> Crash after running out of executable memory @ apidock.com (requires 13.1MB for JSONP)
10560 Merge WebKit TOT r89219, r89226, r89228
10562 2011-06-19 Oliver Hunt <oliver@apple.com>
10564 Reviewed by Sam Weinig.
10566 Correct logic for putting errors on the correct line when handling JSONP
10567 https://bugs.webkit.org/show_bug.cgi?id=62962
10569 Minor fix for the minor fix. *sigh*
10571 * interpreter/Interpreter.cpp:
10572 (JSC::Interpreter::execute):
10574 2011-06-19 Oliver Hunt <oliver@apple.com>
10576 Minor fix to correct layout test results.
10578 * interpreter/Interpreter.cpp:
10579 (JSC::Interpreter::execute):
10581 2011-06-17 Oliver Hunt <oliver@apple.com>
10583 Reviewed by Gavin Barraclough.
10585 JSONP is unnecessarily slow
10586 https://bugs.webkit.org/show_bug.cgi?id=62920
10588 JSONP has unfortunately become a fairly common idiom online, yet
10589 it triggers very poor performance in JSC as we end up doing codegen
10590 for a large number of property accesses that will
10591 * only be run once, so the vast amount of logic we dump to handle
10592 caching of accesses is unnecessary.
10593 * We are doing codegen that is directly proportional to just
10594 creating the object in the first place.
10596 This patch extends the use of the literal parser to JSONP-like structures
10597 in global code, handling a number of different forms I have seen online.
10598 In an extreme case this improves performance of JSONP by more than 2x
10599 due to removal of code generation and execution time, and a few optimisations
10600 that I made to the parser itself.
10602 * API/JSValueRef.cpp:
10603 (JSValueMakeFromJSONString):
10604 * interpreter/Interpreter.cpp:
10605 (JSC::Interpreter::callEval):
10606 (JSC::Interpreter::execute):
10607 * parser/Lexer.cpp:
10608 (JSC::Lexer::isKeyword):
10610 * runtime/JSGlobalObjectFunctions.cpp:
10611 (JSC::globalFuncEval):
10612 * runtime/JSONObject.cpp:
10613 (JSC::JSONProtoFuncParse):
10614 * runtime/LiteralParser.cpp:
10615 (JSC::LiteralParser::tryJSONPParse):
10616 (JSC::LiteralParser::makeIdentifier):
10617 (JSC::LiteralParser::Lexer::lex):
10618 (JSC::LiteralParser::Lexer::next):
10619 (JSC::isSafeStringCharacter):
10620 (JSC::LiteralParser::Lexer::lexString):
10621 (JSC::LiteralParser::Lexer::lexNumber):
10622 (JSC::LiteralParser::parse):
10623 * runtime/LiteralParser.h:
10624 (JSC::LiteralParser::LiteralParser):
10625 (JSC::LiteralParser::tryLiteralParse):
10626 (JSC::LiteralParser::Lexer::Lexer):
10628 2011-06-17 Simon Fraser <simon.fraser@apple.com>
10630 <rdar://problem/9632485> ASSERT(m_codeEnd - m_code >= maxTokenLength) loading nytimes.com
10632 Merge WebKit ToT r88082.
10634 2011-06-03 Oliver Hunt <oliver@apple.com>
10636 Whoops, fix last minute bug.
10638 * parser/Lexer.cpp:
10639 (JSC::Lexer::parseIdentifier):
10641 2011-06-16 Oliver Hunt <oliver@apple.com>
10643 <rdar://problem/9626197> JS API is too aggressive about throwing exceptions for NULL get or set operations (61678)
10645 Merged TOT WebKit r87588
10647 2011-05-27 Geoffrey Garen <ggaren@apple.com>
10649 Reviewed by Oliver Hunt.
10651 JS API is too aggressive about throwing exceptions for NULL get or set operations
10652 https://bugs.webkit.org/show_bug.cgi?id=61678
10654 * API/JSCallbackObject.h: Changed our staticValueGetter to a regular
10655 function that returns a JSValue, so it can fail and still forward to
10656 normal property lookup.
10658 * API/JSCallbackObjectFunctions.h:
10659 (JSC::::getOwnPropertySlot): Don't throw an exception when failing to
10660 access a static property -- just forward the access. This allows objects
10661 to observe get/set operations but still let the JS object manage lifetime.
10663 (JSC::::put): Ditto.
10665 (JSC::::getStaticValue): Same as JSCallbackObject.h.
10667 * API/tests/testapi.c:
10668 (MyObject_set_nullGetForwardSet):
10669 * API/tests/testapi.js: Updated tests to reflect slightly less strict
10670 behavior, which matches headerdoc claims.
10672 2011-06-16 Oliver Hunt <oliver@apple.com>
10674 <rdar://problem/9626170> Property caching is too aggressive for API objects (61677)
10676 Merged TOT WebKit r87586
10678 2011-05-27 Geoffrey Garen <ggaren@apple.com>
10680 Reviewed by Oliver Hunt.
10682 Property caching is too aggressive for API objects
10683 https://bugs.webkit.org/show_bug.cgi?id=61677
10685 * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
10686 callback APIs allow the client to change its mind about our properties at
10689 * API/tests/testapi.c:
10690 (PropertyCatchalls_getProperty):
10691 (PropertyCatchalls_setProperty):
10692 (PropertyCatchalls_getPropertyNames):
10693 (PropertyCatchalls_class):
10695 * API/tests/testapi.js: Some tests for dynamic API objects.
10697 * interpreter/Interpreter.cpp:
10698 (JSC::Interpreter::tryCachePutByID):
10699 (JSC::Interpreter::tryCacheGetByID):
10700 * jit/JITStubs.cpp:
10701 (JSC::JITThunks::tryCachePutByID):
10702 (JSC::JITThunks::tryCacheGetByID):
10703 (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
10706 * runtime/JSTypeInfo.h:
10707 (JSC::TypeInfo::TypeInfo):
10708 (JSC::TypeInfo::isFinal):
10709 (JSC::TypeInfo::prohibitsPropertyCaching):
10710 (JSC::TypeInfo::flags): Added a flag to track opting out of property
10711 caching. Fixed an "&&" vs "&" typo that was previously harmless, but
10712 is now harmful since m_flags2 can have more than one bit set.
10714 2011-06-16 Oliver Hunt <oliver@apple.com>
10716 <rdar://problem/8913432> Crash after running out of executable memory @ syntensity.com python simulator (requires 33.7MB for large array literals)
10718 Merged TOT WebKit r88873, r88962, r89058
10720 2011-06-15 Oliver Hunt <oliver@apple.com>
10722 Reviewed by Geoffrey Garen.
10724 Reduce memory usage of resolve_global
10725 https://bugs.webkit.org/show_bug.cgi?id=62765
10727 If we have a large number of resolve_globals in a single
10728 block start planting plain resolve instructions instead
10729 whenever we aren't in a loop. This allows us to reduce
10730 the code size for extremely large functions without
10731 losing the performance benefits of op_resolve_global.
10733 * bytecode/CodeBlock.h:
10734 (JSC::CodeBlock::globalResolveInfoCount):
10735 * bytecompiler/BytecodeGenerator.cpp:
10736 (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
10737 (JSC::BytecodeGenerator::emitResolve):
10738 (JSC::BytecodeGenerator::emitResolveWithBase):
10739 * bytecompiler/BytecodeGenerator.h:
10741 2011-06-15 Oliver Hunt <oliver@apple.com>
10743 Reviewed by Sam Weinig.
10745 Reduce the size of global_resolve
10746 https://bugs.webkit.org/show_bug.cgi?id=62738
10748 Reduce the code size of global_resolve in the JIT by replacing
10749 multiple pointer loads with a single pointer move + two offset
10752 * jit/JITOpcodes.cpp:
10753 (JSC::JIT::emit_op_resolve_global):
10754 * jit/JITOpcodes32_64.cpp:
10755 (JSC::JIT::emit_op_resolve_global):
10757 2011-06-14 Oliver Hunt <oliver@apple.com>
10759 Reviewed by Gavin Barraclough.
10761 Constant array literals result in unnecessarily large amounts of code
10762 https://bugs.webkit.org/show_bug.cgi?id=62658
10764 Add a new version of op_new_array that simply copies values from a buffer
10765 we hang off of the CodeBlock, rather than generating code to place each
10766 entry into the registerfile, and then copying it from the registerfile into
10767 the array. This is a slight improvement on some sunspider tests, but no
10768 measurable overall change. That's okay though as our goal was to reduce
10769 code size without hurting performance.
10771 * bytecode/CodeBlock.cpp:
10772 (JSC::CodeBlock::dump):
10773 * bytecode/CodeBlock.h:
10774 (JSC::CodeBlock::addImmediateBuffer):
10775 (JSC::CodeBlock::immediateBuffer):
10776 * bytecode/Opcode.h:
10777 * bytecompiler/BytecodeGenerator.cpp:
10778 (JSC::BytecodeGenerator::addImmediateBuffer):
10779 (JSC::BytecodeGenerator::emitNewArray):
10780 * bytecompiler/BytecodeGenerator.h:
10781 * bytecompiler/NodesCodegen.cpp:
10782 (JSC::ArrayNode::emitBytecode):
10783 * interpreter/Interpreter.cpp:
10784 (JSC::Interpreter::privateExecute):
10786 (JSC::JIT::privateCompileMainPass):
10788 * jit/JITOpcodes.cpp:
10789 (JSC::JIT::emit_op_new_array):
10790 (JSC::JIT::emit_op_new_array_buffer):
10791 * jit/JITOpcodes32_64.cpp:
10792 * jit/JITStubs.cpp:
10793 (JSC::DEFINE_STUB_FUNCTION):
10796 2011-06-16 Oliver Hunt <oliver@apple.com>
10798 <rdar://problem/9306516> First-time JavaScript parse in app store can take ~130ms (was 160ms)
10800 Merging r87177, r87838, r88076, r88082, r88083, r88084, r88094, r88394, r88668, r88719, r88974
10802 2011-06-15 Oliver Hunt <oliver@apple.com>
10804 Reviewed by Darin Adler.
10806 REGRESSION (r88719): 5by5.tv schedule is not visible
10807 https://bugs.webkit.org/show_bug.cgi?id=62720
10809 Problem here is that the lexer wasn't considering '$' to be
10810 a valid character in an identifier.
10813 (JSC::Lexer::lexExpectIdentifier):
10815 2011-06-13 Oliver Hunt <oliver@apple.com>
10817 Reviewed by Gavin Barraclough.
10819 Fix llocp and lvalp names in the lexer to something more meaningful
10820 https://bugs.webkit.org/show_bug.cgi?id=62605
10824 * parser/Lexer.cpp:
10825 (JSC::Lexer::parseIdentifier):
10826 (JSC::Lexer::parseString):
10829 (JSC::Lexer::lexExpectIdentifier):
10831 2011-06-13 Oliver Hunt <oliver@apple.com>
10833 Reviewed by Gavin Barraclough.
10835 Make it possible to inline the common case of identifier lexing
10836 https://bugs.webkit.org/show_bug.cgi?id=62600
10838 Add a lexing function that expects to lex a "normal" alphanumeric
10839 identifier (that ignores keywords) so it's possible to inline the
10840 common parsing cases. This comes out as a reasonable parsing speed
10843 * parser/JSParser.cpp:
10844 (JSC::JSParser::nextExpectIdentifier):
10845 (JSC::JSParser::parseProperty):
10846 (JSC::JSParser::parseMemberExpression):
10847 * parser/Lexer.cpp:
10849 (JSC::Lexer::makeIdentifier):
10850 (JSC::Lexer::lexExpectIdentifier):
10852 2011-06-13 Oliver Hunt <oliver@apple.com>
10854 Reviewed by Simon Fraser.
10856 Make it possible to inline Identifier::equal
10857 https://bugs.webkit.org/show_bug.cgi?id=62584
10859 Move Identifier::equal to the Identifier header file.
10861 * runtime/Identifier.cpp:
10862 * runtime/Identifier.h:
10863 (JSC::Identifier::equal):
10865 2011-06-03 Oliver Hunt <oliver@apple.com>
10867 Reviewed by Maciej Stachowiak.
10869 Lexer needs to provide Identifier for reserved words
10870 https://bugs.webkit.org/show_bug.cgi?id=62086
10872 Alas it is necessary to provide an Identifier reference for keywords
10873 so that we can do the right thing when they're used in object literals.
10874 We now keep Identifiers for all reserved words in the CommonIdentifiers
10875 structure so that we can access them without a hash lookup.
10877 * KeywordLookupGenerator.py:
10878 * parser/Lexer.cpp:
10879 (JSC::Lexer::parseIdentifier):
10881 * runtime/CommonIdentifiers.cpp:
10882 (JSC::CommonIdentifiers::CommonIdentifiers):
10883 * runtime/CommonIdentifiers.h:
10885 2011-06-03 Oliver Hunt <oliver@apple.com>
10887 Reviewed by Gavin Barraclough.
10889 Force inlining of some hot lexer functions
10890 https://bugs.webkit.org/show_bug.cgi?id=62079
10892 Fix more GCC stupidity
10895 (JSC::Lexer::isWhiteSpace):
10896 (JSC::Lexer::isLineTerminator):
10898 2011-06-03 Oliver Hunt <oliver@apple.com>
10900 Reviewed by Gavin Barraclough.
10902 GCC not inlining some functions that it really should be
10903 https://bugs.webkit.org/show_bug.cgi?id=62075
10905 Add ALWAYS_INLINE to a number of parsing and lexing functions
10906 that should always be inlined. This gets us ~1.4% on my ad hoc
10909 * KeywordLookupGenerator.py:
10910 * parser/JSParser.cpp:
10911 (JSC::JSParser::next):
10912 (JSC::JSParser::nextTokenIsColon):
10913 (JSC::JSParser::consume):
10914 (JSC::JSParser::match):
10915 (JSC::JSParser::tokenStart):
10916 (JSC::JSParser::tokenLine):
10917 (JSC::JSParser::tokenEnd):
10918 * parser/Lexer.cpp:
10919 (JSC::isIdentPart):
10921 2011-06-05 David Kilzer <ddkilzer@apple.com>
10923 <rdar://problem/9495270> Merge iOS WebKit to Safari Jazz FCS
10925 Merged ToT WebKit r86871-r88061 on safari-534-branch branch.
10927 2011-06-02 Lucas Forschler <lforschler@apple.com>
10931 2011-05-31 Oliver Hunt <oliver@apple.com>
10933 Reviewed by Geoffrey Garen.
10935 Freezing a function and its prototype causes browser to crash.
10936 https://bugs.webkit.org/show_bug.cgi?id=61758
10938 Make JSObject::preventExtensions virtual so that we can override it
10939 and instantiate all lazy
10941 * JavaScriptCore.exp:
10942 * runtime/JSFunction.cpp:
10943 (JSC::createPrototypeProperty):
10944 (JSC::JSFunction::preventExtensions):
10945 (JSC::JSFunction::getOwnPropertySlot):
10946 * runtime/JSFunction.h:
10947 * runtime/JSObject.h:
10948 * runtime/JSObject.cpp:
10949 (JSC::JSObject::seal):
10950 (JSC::JSObject::seal):
10952 2011-05-27 Mark Rowe <mrowe@apple.com>
10956 2011-05-27 Stephanie Lewis <slewis@apple.com>
10960 Fix a typo in the order_file flag.
10962 * Configurations/Base.xcconfig:
10964 2011-05-27 Mark Rowe <mrowe@apple.com>
10968 2011-05-27 Stephanie Lewis <slewis@apple.com>
10970 Rubber Stamped by Adam Roben.
10972 Update Order Files. Use -order_file flag since it can order more of the binary.
10974 * Configurations/Base.xcconfig:
10975 * JavaScriptCore.order:
10977 2011-05-26 Lucas Forschler <lforschler@apple.com>
10981 2011-05-23 Michael Saboff <msaboff@apple.com>
10983 Reviewed by Mark Rowe.
10985 Safari often freezes when clicking "Return free memory" in Caches dialog
10986 https://bugs.webkit.org/show_bug.cgi?id=61325
10988 There are two fixes and an improvement in instrumentation code used to find
10989 one of the problems.
10990 Changed ReleaseFreeList() to set the "decommitted" bit when releasing
10991 pages to the system and moving Spans from the normal list to the returned
10993 Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
10994 to eliminate an infinite loop if we can't meet the pagesToRelease target.
10995 Added a check for the decommitted bit being set properly in
10996 TCMalloc_PageHeap::CheckList.
10998 * wtf/FastMalloc.cpp:
10999 (WTF::TCMalloc_PageHeap::scavenge):
11000 (WTF::TCMalloc_PageHeap::Check):
11001 (WTF::TCMalloc_PageHeap::CheckList):
11002 (WTF::ReleaseFreeList):
11004 2011-05-23 Gavin Barraclough <barraclough@apple.com>
11008 2011-05-23 Gavin Barraclough <barraclough@apple.com>
11010 Reviewed by Geoff Garen.
11012 https://bugs.webkit.org/show_bug.cgi?id=61306
11014 The begin characters optimization currently has issues (#61129),
11015 and does not appear to still be a performance win. The prudent
11016 next step seems to be to disable while we ascertain whether this
11017 is still a useful performance optimization.
11019 * yarr/YarrInterpreter.cpp:
11020 (JSC::Yarr::Interpreter::matchDisjunction):
11021 (JSC::Yarr::Interpreter::interpret):
11022 * yarr/YarrInterpreter.h:
11023 (JSC::Yarr::BytecodePattern::BytecodePattern):
11024 * yarr/YarrPattern.cpp:
11025 (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
11026 (JSC::Yarr::YarrPattern::compile):
11027 (JSC::Yarr::YarrPattern::YarrPattern):
11028 * yarr/YarrPattern.h:
11029 (JSC::Yarr::YarrPattern::reset):
11031 2011-05-24 Steve Falkenburg <sfalken@apple.com>
11033 Reviewed by Adam Roben.
11035 Disable features on safari-534-branch.
11036 <rdar://problem/9261347>
11038 * Configurations/FeatureDefines.xcconfig:
11040 2011-05-22 Lucas Forschler <lforschler@apple.com>
11044 2011-05-20 Brady Eidson <beidson@apple.com>
11046 Reviewed by Sam Weinig.
11048 <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
11049 Horrendous bug in callOnMainThreadAndWait
11051 * wtf/MainThread.cpp:
11052 (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
11053 syncFlag condition, reacquire the mutex first.
11055 2011-05-22 Lucas Forschler <lforschler@apple.com>
11059 2011-05-18 Oliver Hunt <oliver@apple.com>
11061 Reviewed by Adam Roben.
11063 Disable gc validation in release builds
11064 https://bugs.webkit.org/show_bug.cgi?id=60680
11066 Add back the NDEBUG check
11070 2011-05-19 Lucas Forschler <lforschler@apple.com>
11074 2011-05-19 Adam Roben <aroben@apple.com>
11076 Remove a redundant and broken data export
11078 Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
11079 JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
11080 to a linker warning about multiple definitions.)
11082 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.
11084 2011-05-19 Lucas Forschler <lforschler@apple.com>
11088 2011-05-18 Oliver Hunt <oliver@apple.com>
11090 Reviewed by Gavin Barraclough.
11092 Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
11093 https://bugs.webkit.org/show_bug.cgi?id=61064
11095 Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
11096 for its inline storage. This resolves the problem of GC occurring before
11097 a subclass has initialised its anonymous storage.
11099 * runtime/JSObject.h:
11101 2011-05-19 Lucas Forschler <lforschler@apple.com>
11105 2011-05-18 Oliver Hunt <oliver@apple.com>
11107 Reviewed by Sam Weinig.
11109 JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
11110 https://bugs.webkit.org/show_bug.cgi?id=61090
11112 Remove the Structure-free JSGlobalObject constructor and instead always
11113 pass the structure into the JSGlobalObject constructor.
11114 Stop DebuggerActivation creating a new structure every time, and simply
11115 use a single shared structure held by the GlobalData.
11117 * API/JSContextRef.cpp:
11118 * debugger/DebuggerActivation.cpp:
11119 (JSC::DebuggerActivation::DebuggerActivation):
11121 (GlobalObject::GlobalObject):
11124 * runtime/JSGlobalData.cpp:
11125 (JSC::JSGlobalData::JSGlobalData):
11126 (JSC::JSGlobalData::clearBuiltinStructures):
11127 * runtime/JSGlobalData.h:
11128 * runtime/JSGlobalObject.h:
11130 2011-05-19 Lucas Forschler <lforschler@apple.com>
11134 2011-05-16 Geoffrey Garen <ggaren@apple.com>
11136 Rolling back in r86653 with build fixed.
11138 Reviewed by Gavin Barraclough and Oliver Hunt.
11140 Global object initialization is expensive
11141 https://bugs.webkit.org/show_bug.cgi?id=60933
11143 Changed a bunch of globals to allocate their properties lazily, and changed
11144 the global object to allocate a bunch of its globals lazily.
11146 This reduces the footprint of a global object from 287 objects with 58
11147 functions for 24K to 173 objects with 20 functions for 15K.
11149 Large patch, but it's all mechanical.
11151 * DerivedSources.make:
11152 * JavaScriptCore.exp: Build!
11154 * create_hash_table: Added a special case for fromCharCode, since it uses
11155 a custom "thunk generator".
11158 (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
11159 overcount objects that were owned through more than one mechanism because
11160 it was getting in the way of counting the results for this patch.
11162 * interpreter/CallFrame.h:
11163 (JSC::ExecState::arrayConstructorTable):
11164 (JSC::ExecState::arrayPrototypeTable):
11165 (JSC::ExecState::booleanPrototypeTable):
11166 (JSC::ExecState::dateConstructorTable):
11167 (JSC::ExecState::errorPrototypeTable):
11168 (JSC::ExecState::globalObjectTable):
11169 (JSC::ExecState::numberConstructorTable):
11170 (JSC::ExecState::numberPrototypeTable):
11171 (JSC::ExecState::objectPrototypeTable):
11172 (JSC::ExecState::regExpPrototypeTable):
11173 (JSC::ExecState::stringConstructorTable): Added new tables.
11175 * runtime/ArrayConstructor.cpp:
11176 (JSC::ArrayConstructor::ArrayConstructor):
11177 (JSC::ArrayConstructor::getOwnPropertySlot):
11178 (JSC::ArrayConstructor::getOwnPropertyDescriptor):
11179 * runtime/ArrayConstructor.h:
11180 (JSC::ArrayConstructor::createStructure):
11181 * runtime/ArrayPrototype.cpp:
11182 (JSC::ArrayPrototype::getOwnPropertySlot):
11183 (JSC::ArrayPrototype::getOwnPropertyDescriptor):
11184 * runtime/ArrayPrototype.h:
11185 * runtime/BooleanPrototype.cpp:
11186 (JSC::BooleanPrototype::BooleanPrototype):
11187 (JSC::BooleanPrototype::getOwnPropertySlot):
11188 (JSC::BooleanPrototype::getOwnPropertyDescriptor):
11189 * runtime/BooleanPrototype.h:
11190 (JSC::BooleanPrototype::createStructure):
11191 * runtime/DateConstructor.cpp:
11192 (JSC::DateConstructor::DateConstructor):
11193 (JSC::DateConstructor::getOwnPropertySlot):
11194 (JSC::DateConstructor::getOwnPropertyDescriptor):
11195 * runtime/DateConstructor.h:
11196 (JSC::DateConstructor::createStructure):
11197 * runtime/ErrorPrototype.cpp:
11198 (JSC::ErrorPrototype::ErrorPrototype):
11199 (JSC::ErrorPrototype::getOwnPropertySlot):
11200 (JSC::ErrorPrototype::getOwnPropertyDescriptor):
11201 * runtime/ErrorPrototype.h:
11202 (JSC::ErrorPrototype::createStructure): Standardized these objects
11203 to use static tables for function properties.
11205 * runtime/JSGlobalData.cpp:
11206 (JSC::JSGlobalData::JSGlobalData):
11207 (JSC::JSGlobalData::~JSGlobalData):
11208 * runtime/JSGlobalData.h: Added new tables.
11210 * runtime/JSGlobalObject.cpp:
11211 (JSC::JSGlobalObject::reset):
11212 (JSC::JSGlobalObject::addStaticGlobals):
11213 (JSC::JSGlobalObject::getOwnPropertySlot):
11214 (JSC::JSGlobalObject::getOwnPropertyDescriptor):
11215 * runtime/JSGlobalObject.h:
11216 * runtime/JSGlobalObjectFunctions.cpp:
11217 * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
11218 static table for its global functions. This required uninlining some
11219 things to avoid a circular header dependency. However, those things
11220 probably shouldn't have been inlined in the first place.
11222 Even more global object properties can be made lazy, but that requires
11223 more in-depth changes.
11225 * runtime/MathObject.cpp:
11226 * runtime/NumberConstructor.cpp:
11227 (JSC::NumberConstructor::getOwnPropertySlot):
11228 (JSC::NumberConstructor::getOwnPropertyDescriptor):
11229 * runtime/NumberPrototype.cpp:
11230 (JSC::NumberPrototype::NumberPrototype):
11231 (JSC::NumberPrototype::getOwnPropertySlot):
11232 (JSC::NumberPrototype::getOwnPropertyDescriptor):
11233 * runtime/NumberPrototype.h:
11234 (JSC::NumberPrototype::createStructure):
11235 * runtime/ObjectPrototype.cpp:
11236 (JSC::ObjectPrototype::ObjectPrototype):
11237 (JSC::ObjectPrototype::put):
11238 (JSC::ObjectPrototype::getOwnPropertySlot):
11239 (JSC::ObjectPrototype::getOwnPropertyDescriptor):
11240 * runtime/ObjectPrototype.h:
11241 (JSC::ObjectPrototype::createStructure):
11242 * runtime/RegExpPrototype.cpp:
11243 (JSC::RegExpPrototype::RegExpPrototype):
11244 (JSC::RegExpPrototype::getOwnPropertySlot):
11245 (JSC::RegExpPrototype::getOwnPropertyDescriptor):
11246 * runtime/RegExpPrototype.h:
11247 (JSC::RegExpPrototype::createStructure):
11248 * runtime/StringConstructor.cpp:
11249 (JSC::StringConstructor::StringConstructor):
11250 (JSC::StringConstructor::getOwnPropertySlot):
11251 (JSC::StringConstructor::getOwnPropertyDescriptor):
11252 * runtime/StringConstructor.h:
11253 (JSC::StringConstructor::createStructure): Standardized these objects
11254 to use static tables for function properties.
11256 2011-06-05 David Kilzer <ddkilzer@apple.com>
11258 <rdar://problem/9556885> iOS: Disable C++ exceptions when building with clang
11260 Reviewed by Anders Carlsson.
11262 Set GCC_ENABLE_CPP_EXCEPTIONS_LLVM_COMPILER to NO.
11264 * Configurations/Base.xcconfig:
11266 2011-05-27 Oliver Hunt <oliver@apple.com>
11270 * runtime/JSGlobalData.cpp:
11272 2011-05-27 Oliver Hunt <oliver@apple.com>
11278 2011-05-27 Patrick Gansterer <paroga@webkit.org>
11280 Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527.
11282 * runtime/JSGlobalData.cpp:
11283 (JSGlobalData::JSGlobalData):
11285 2011-05-27 Oliver Hunt <oliver@apple.com>
11287 <rdar://problem/8943166> Crash after running out of executable memory @ palmbrasil.com.br (requires 22.2MB)
11289 Merging r87327, r87436, r87445, and r87527
11291 2011-05-27 Oliver Hunt <oliver@apple.com>
11293 Reviewed by Geoffrey Garen.
11295 Try to release unused executable memory when the FixedVMPool allocator is under pressure
11296 https://bugs.webkit.org/show_bug.cgi?id=61651
11298 Rather than crashing when full, the FixedVMPool allocator now returns a null
11299 allocation. We replace the code that used to CRASH() on null allocations
11300 with logic that asks the provided globalData to release any executable memory
11301 that it can. Currently this just means throwing away all regexp code, but
11302 in future we'll try to be more aggressive.
11304 * assembler/ARMAssembler.cpp:
11305 (JSC::ARMAssembler::executableCopy):
11306 * assembler/ARMAssembler.h:
11307 * assembler/AssemblerBuffer.h:
11308 (JSC::AssemblerBuffer::executableCopy):
11309 * assembler/AssemblerBufferWithConstantPool.h:
11310 * assembler/LinkBuffer.h:
11311 (JSC::LinkBuffer::LinkBuffer):
11312 (JSC::LinkBuffer::linkCode):
11313 * assembler/MIPSAssembler.h:
11314 (JSC::MIPSAssembler::executableCopy):
11315 * assembler/SH4Assembler.h:
11316 (JSC::SH4Assembler::executableCopy):
11317 * assembler/X86Assembler.h:
11318 (JSC::X86Assembler::executableCopy):
11319 (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
11320 * dfg/DFGJITCompiler.cpp:
11321 (JSC::DFG::JITCompiler::compileFunction):
11322 * jit/ExecutableAllocator.h:
11323 (JSC::ExecutablePool::create):
11324 (JSC::ExecutablePool::alloc):
11325 (JSC::ExecutableAllocator::ExecutableAllocator):
11326 (JSC::ExecutableAllocator::poolForSize):
11327 (JSC::ExecutablePool::ExecutablePool):
11328 (JSC::ExecutablePool::poolAllocate):
11329 * jit/ExecutableAllocatorFixedVMPool.cpp:
11330 (JSC::FixedVMPoolAllocator::alloc):
11332 (JSC::JIT::privateCompile):
11333 * jit/JITOpcodes.cpp:
11334 (JSC::JIT::privateCompileCTIMachineTrampolines):
11335 * jit/JITOpcodes32_64.cpp:
11336 (JSC::JIT::privateCompileCTIMachineTrampolines):
11337 (JSC::JIT::privateCompileCTINativeCall):
11338 * jit/JITPropertyAccess.cpp:
11339 (JSC::JIT::stringGetByValStubGenerator):
11340 (JSC::JIT::privateCompilePutByIdTransition):
11341 (JSC::JIT::privateCompilePatchGetArrayLength):
11342 (JSC::JIT::privateCompileGetByIdProto):
11343 (JSC::JIT::privateCompileGetByIdSelfList):
11344 (JSC::JIT::privateCompileGetByIdProtoList):
11345 (JSC::JIT::privateCompileGetByIdChainList):
11346 (JSC::JIT::privateCompileGetByIdChain):
11347 * jit/JITPropertyAccess32_64.cpp:
11348 (JSC::JIT::stringGetByValStubGenerator):
11349 (JSC::JIT::privateCompilePutByIdTransition):
11350 (JSC::JIT::privateCompilePatchGetArrayLength):
11351 (JSC::JIT::privateCompileGetByIdProto):
11352 (JSC::JIT::privateCompileGetByIdSelfList):
11353 (JSC::JIT::privateCompileGetByIdProtoList):
11354 (JSC::JIT::privateCompileGetByIdChainList):
11355 (JSC::JIT::privateCompileGetByIdChain):
11356 * jit/SpecializedThunkJIT.h:
11357 (JSC::SpecializedThunkJIT::finalize):
11358 * jit/ThunkGenerators.cpp:
11359 (JSC::charCodeAtThunkGenerator):
11360 (JSC::charAtThunkGenerator):
11361 (JSC::fromCharCodeThunkGenerator):
11362 (JSC::sqrtThunkGenerator):
11363 (JSC::powThunkGenerator):
11364 * runtime/JSGlobalData.cpp:
11365 (JSC::JSGlobalData::JSGlobalData):
11366 (JSC::JSGlobalData::releaseExecutableMemory):
11367 (JSC::releaseExecutableMemory):
11368 * runtime/JSGlobalData.h:
11369 * runtime/RegExpCache.cpp:
11370 (JSC::RegExpCache::invalidateCode):
11371 * runtime/RegExpCache.h:
11372 * yarr/YarrJIT.cpp:
11373 (JSC::Yarr::YarrGenerator::compile):
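The allocation policy described above (null allocation, then ask the global data to release what it can, then retry), as an added example that is not JSC's own code; the pool, the handle scheme and the sizes in the walk-through are constructed for the example, and only regexp code is treated as reclaimable, as in the original change:

```cpp
#include <cstddef>
#include <map>
#include <vector>

// Constructed model, not JSC's own code: a fixed-capacity executable pool that
// reports exhaustion with a null (0) handle instead of aborting the process.
class FixedVMPool {
public:
    explicit FixedVMPool(std::size_t capacityBytes) : capacity_(capacityBytes) {}

    // Returns 0 when the request cannot be satisfied. This is the behaviour the
    // change introduced in place of CRASH()ing when the pool is full.
    std::size_t alloc(std::size_t bytes) {
        if (bytes == 0 || bytes > capacity_ - used_)
            return 0;
        used_ += bytes;
        std::size_t handle = nextHandle_++;
        live_[handle] = bytes;
        return handle;
    }

    void release(std::size_t handle) {
        auto it = live_.find(handle);
        if (it == live_.end())
            return;
        used_ -= it->second;
        live_.erase(it);
    }

    std::size_t used() const { return used_; }

private:
    std::size_t capacity_;
    std::size_t used_ = 0;
    std::size_t nextHandle_ = 1;
    std::map<std::size_t, std::size_t> live_;  // handle -> size in bytes
};

// Plays the role JSGlobalData plays in the ChangeLog entry: it knows which JIT
// code can be thrown away safely (here only regexp code, as in the change).
class GlobalData {
public:
    explicit GlobalData(FixedVMPool& pool) : pool_(pool) {}

    void rememberRegExpCode(std::size_t handle) { regExpCode_.push_back(handle); }

    // Discards every cached regexp's machine code. The RegExp objects stay
    // valid; they are recompiled (or interpreted) the next time they match.
    std::size_t releaseExecutableMemory() {
        std::size_t before = pool_.used();
        for (std::size_t& handle : regExpCode_) { pool_.release(handle); handle = 0; }
        return before - pool_.used();
    }

    std::size_t liveRegExpCodeCount() const {
        std::size_t n = 0;
        for (std::size_t handle : regExpCode_) if (handle) ++n;
        return n;
    }

private:
    FixedVMPool& pool_;
    std::vector<std::size_t> regExpCode_;
};

// Allocation path after the fix: a null allocation asks the global data to
// release what it can and retries once. The result can still be 0, so every
// caller must check it rather than assume executable memory is available.
std::size_t allocExecutable(FixedVMPool& pool, GlobalData& globalData, std::size_t bytes) {
    if (std::size_t handle = pool.alloc(bytes))
        return handle;
    globalData.releaseExecutableMemory();
    return pool.alloc(bytes);
}

// Walk-through on constructed sizes: a 4 KiB pool holding three 1 KiB regexp
// blobs receives a 2 KiB request that only the post-release retry can satisfy.
struct PressureScenario {
    bool firstAttemptFailed;    // plain alloc() returns 0 with 1 KiB free
    std::size_t freedBytes;     // bytes reclaimed by releasing regexp code
    bool retrySucceeded;        // allocExecutable() gets its 2 KiB after release
    std::size_t regExpCodeLeft; // regexp entries still holding pool memory
    bool oversizedStillFails;   // a request larger than the pool fails either way
};

PressureScenario runPressureScenario() {
    FixedVMPool pool(4096);
    GlobalData globalData(pool);
    for (int i = 0; i < 3; ++i)
        globalData.rememberRegExpCode(pool.alloc(1024));

    PressureScenario s{};
    s.firstAttemptFailed = pool.alloc(2048) == 0;
    std::size_t usedBefore = pool.used();                          // 3072
    s.retrySucceeded = allocExecutable(pool, globalData, 2048) != 0;
    s.freedBytes = usedBefore - pool.used() + 2048;                // 3072 released, 2048 re-used
    s.regExpCodeLeft = globalData.liveRegExpCodeCount();
    s.oversizedStillFails = allocExecutable(pool, globalData, 8192) == 0;
    return s;
}
```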
11375 2011-05-26 Oliver Hunt <oliver@apple.com>
11377 Reviewed by Geoffrey Garen.
11379 Make RegExpCache a weak map
11380 https://bugs.webkit.org/show_bug.cgi?id=61554
11382 Switch to a weak map for the regexp cache, and hide that
11383 behaviour behind RegExp::create.
11385 When a RegExp is compiled it attempts to add itself to
11386 the "strong" cache. This cache is a simple round-robin
11387 buffer, as was the old strong cache. Happily, this can
11388 be smaller than the old strong cache, as RegExps are only
11389 added when they're compiled, so it is under less pressure
11392 * bytecompiler/NodesCodegen.cpp:
11393 (JSC::RegExpNode::emitBytecode):
11394 * runtime/RegExp.cpp:
11395 (JSC::RegExp::RegExp):
11396 (JSC::RegExp::create):
11397 (JSC::RegExp::match):
11398 * runtime/RegExp.h:
11399 (JSC::RegExp::gcShouldInvalidateCode):
11400 (JSC::RegExp::hasCode):
11401 (JSC::RegExp::key):
11402 * runtime/RegExpCache.cpp:
11403 (JSC::RegExpCache::lookupOrCreate):
11404 (JSC::RegExpCache::RegExpCache):
11405 (JSC::RegExpCache::isReachableFromOpaqueRoots):
11406 (JSC::RegExpCache::finalize):
11407 * runtime/RegExpCache.h:
11408 * runtime/RegExpConstructor.cpp:
11409 (JSC::constructRegExp):
11410 * runtime/RegExpPrototype.cpp:
11411 (JSC::regExpProtoFuncCompile):
11412 * runtime/StringPrototype.cpp:
11413 (JSC::stringProtoFuncMatch):
11414 (JSC::stringProtoFuncSearch):
11416 2011-05-25 Oliver Hunt <oliver@apple.com>
11418 Reviewed by Geoffrey Garen.
11420 Make RegExp GC allocated
11421 https://bugs.webkit.org/show_bug.cgi?id=61490
11423 Make RegExp GC allocated. Basically mechanical change to replace
11424 most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
11425 where actual ownership happens.
11427 Made the RegExpCache use Strong<> references currently to avoid any
11428 changes in behaviour.
11430 * JavaScriptCore.exp:
11431 * bytecode/CodeBlock.cpp:
11432 (JSC::CodeBlock::visitAggregate):
11433 * bytecode/CodeBlock.h:
11434 (JSC::CodeBlock::addRegExp):
11435 * bytecompiler/BytecodeGenerator.cpp:
11436 (JSC::BytecodeGenerator::addRegExp):
11437 (JSC::BytecodeGenerator::emitNewRegExp):
11438 * bytecompiler/BytecodeGenerator.h:
11439 * runtime/JSCell.h:
11440 * runtime/JSGlobalData.cpp:
11441 (JSC::JSGlobalData::JSGlobalData):
11442 (JSC::JSGlobalData::clearBuiltinStructures):
11443 (JSC::JSGlobalData::addRegExpToTrace):
11444 * runtime/JSGlobalData.h:
11445 * runtime/JSGlobalObject.cpp:
11446 (JSC::JSGlobalObject::reset):
11447 * runtime/RegExp.cpp:
11448 (JSC::RegExp::RegExp):
11449 (JSC::RegExp::create):
11450 (JSC::RegExp::invalidateCode):
11451 * runtime/RegExp.h:
11452 (JSC::RegExp::createStructure):
11453 * runtime/RegExpCache.cpp:
11454 (JSC::RegExpCache::lookupOrCreate):
11455 (JSC::RegExpCache::create):
11456 * runtime/RegExpCache.h:
11457 * runtime/RegExpConstructor.cpp:
11458 (JSC::constructRegExp):
11459 * runtime/RegExpObject.cpp:
11460 (JSC::RegExpObject::RegExpObject):
11461 (JSC::RegExpObject::visitChildren):
11462 * runtime/RegExpObject.h:
11463 (JSC::RegExpObject::setRegExp):
11464 (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
11465 * runtime/RegExpPrototype.cpp:
11466 (JSC::RegExpPrototype::RegExpPrototype):
11467 (JSC::regExpProtoFuncCompile):
11468 * runtime/RegExpPrototype.h:
11469 * runtime/StringPrototype.cpp:
11470 (JSC::stringProtoFuncMatch):
11471 (JSC::stringProtoFuncSearch):
11473 2011-05-25 Oliver Hunt <oliver@apple.com>
11475 Reviewed by Geoffrey Garen.
11477 Generate regexp code lazily
11478 https://bugs.webkit.org/show_bug.cgi?id=61476
11480 RegExp construction now simply validates the RegExp, it does
11481 not perform actual codegen.
11483 * runtime/RegExp.cpp:
11484 (JSC::RegExp::RegExp):
11485 (JSC::RegExp::recompile):
11486 (JSC::RegExp::compile):
11487 (JSC::RegExp::match):
11488 * runtime/RegExp.h:
11489 (JSC::RegExp::recompileIfNecessary):
11490 * runtime/RegExpConstructor.h:
11491 (JSC::RegExpConstructor::performMatch):
11492 * runtime/RegExpObject.cpp:
11493 (JSC::RegExpObject::match):
11494 * runtime/StringPrototype.cpp:
11495 (JSC::stringProtoFuncReplace):
11496 (JSC::stringProtoFuncMatch):
11497 (JSC::stringProtoFuncSearch):
11498 (JSC::stringProtoFuncSplit):
11500 2011-05-25 Oliver Hunt <oliver@apple.com>
11502 <rdar://problem/9501227> REGRESSION(r1024836): Crash in JSC::JIT::privateCompileCTIMachineTrampolines in many apps on resume
11504 Merge ToT WebKit r87308
11506 2011-05-25 Oliver Hunt <oliver@apple.com>
11508 Reviewed by Geoffrey Garen.
11510 Make allocations with guard pages ensure that the allocation succeeded
11511 https://bugs.webkit.org/show_bug.cgi?id=61453
11513 Add null checks, and make PageBlock's operator bool() use
11514 the real base, rather than the start of usable memory.
11516 * wtf/OSAllocatorPosix.cpp:
11517 (WTF::OSAllocator::reserveAndCommit):
11519 (WTF::PageBlock::operator bool):
11520 (WTF::PageBlock::PageBlock):
11522 2011-05-24 Oliver Hunt <oliver@apple.com>
11524 Remove accidental change to Source/JavaScriptCore/ChangeLog
11526 * ChangeLog: revert accidentally committed change
11528 2011-05-24 Oliver Hunt <oliver@apple.com>
11530 <rdar://problem/9231233> exception handler being called incorrectly in Interpreter
11532 Merged ToT WebKit r86960
11534 2011-05-20 Oliver Hunt <oliver@apple.com>
11536 Reviewed by Sam Weinig.
11538 Interpreter uses wrong bytecode offset for determining exception handler
11539 https://bugs.webkit.org/show_bug.cgi?id=61191
11541 The bytecode offset given for the returnPC from the JIT is
11542 actually the offset for the start of the instruction triggering
11543 the call, whereas in the interpreter it is the actual return
11544 VPC. This means if the next instruction following a call was
11545 in an exception region we would incorrectly redirect to its
11546 handler. Long term we want to completely redo how exceptions
11547 are handled anyway so the simplest and lowest risk fix here is
11548 to simply subtract one from the return vPC so that we have an
11549 offset in the triggering instruction.
11551 It turns out this is caught by a couple of tests already.
11553 * interpreter/Interpreter.cpp:
11554 (JSC::Interpreter::unwindCallFrame):
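The off-by-one described above, as an added example that is not JSC's own code: a constructed handler table and the two offsets each tier records, showing why the raw interpreter return vPC can select a handler for an instruction the call never reached, and why subtracting one restores the intended lookup without breaking the case where the call itself is inside a try region. All offsets, lengths and the table are made up for the example.

```cpp
#include <vector>

// Constructed model, not JSC's own code, of the handler lookup that
// Interpreter::unwindCallFrame performs when an exception unwinds through a
// call frame.
struct HandlerInfo {
    unsigned start;   // first bytecode offset covered by the try region
    unsigned end;     // one past the last covered offset
    unsigned target;  // bytecode offset of the handler
};

// First region in table order that contains `offset`, or nullptr if none does.
const HandlerInfo* handlerForBytecodeOffset(const std::vector<HandlerInfo>& table,
                                            unsigned offset) {
    for (const HandlerInfo& h : table)
        if (offset >= h.start && offset < h.end)
            return &h;
    return nullptr;
}

enum class Tier { JIT, Interpreter };

// Offset each tier records for a return address. The JIT records the offset of
// the calling instruction; the interpreter's return vPC already points at the
// instruction after the call.
unsigned recordedReturnOffset(Tier tier, unsigned callOffset, unsigned callLength) {
    return tier == Tier::JIT ? callOffset : callOffset + callLength;
}

// Handler selection before and after the fix: subtracting one from the
// interpreter's return vPC moves the lookup back inside the triggering call.
const HandlerInfo* selectHandler(const std::vector<HandlerInfo>& table, Tier tier,
                                 unsigned recordedOffset, bool applyFix) {
    unsigned offset = recordedOffset;
    if (tier == Tier::Interpreter && applyFix)
        offset -= 1;
    return handlerForBytecodeOffset(table, offset);
}

// Constructed layout: op_call occupies bytecode [10, 15). In the first table
// the call sits outside every try block and the very next instruction opens a
// try region [15, 30); in the second the call itself is inside a region [5, 20).
// Both handlers live at offset 40.
const unsigned kCallOffset = 10;
const unsigned kCallLength = 5;
std::vector<HandlerInfo> tableWithUncoveredCall() { return {{15, 30, 40}}; }
std::vector<HandlerInfo> tableWithCoveredCall() { return {{5, 20, 40}}; }

// Handler target that would be jumped to, or 0 when the exception should keep
// propagating because the call was not inside any try region.
unsigned chosenHandlerTarget(const std::vector<HandlerInfo>& table, Tier tier, bool applyFix) {
    unsigned recorded = recordedReturnOffset(tier, kCallOffset, kCallLength);
    const HandlerInfo* h = selectHandler(table, tier, recorded, applyFix);
    return h ? h->target : 0;
}
```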
11556 2011-05-24 Oliver Hunt <oliver@apple.com>
11558 <rdar://problem/8887771> Add a guard page on each side of the JIT executable region
11560 Merged ToT WebKit r86906
11562 2011-05-19 Oliver Hunt <oliver@apple.com>
11564 Reviewed by Gavin Barraclough.
11566 Add guard pages to each end of the memory region used by the fixedvm allocator
11567 https://bugs.webkit.org/show_bug.cgi?id=61150
11569 Add mechanism to notify the OSAllocator that pages at either end of an
11570 allocation should be considered guard pages. Update PageReservation,
11571 PageAllocation, etc to handle this.
11573 * JavaScriptCore.exp:
11574 * jit/ExecutableAllocatorFixedVMPool.cpp:
11575 (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
11576 * wtf/OSAllocator.h:
11577 * wtf/OSAllocatorPosix.cpp:
11578 (WTF::OSAllocator::reserveUncommitted):
11579 (WTF::OSAllocator::reserveAndCommit):
11580 * wtf/PageAllocation.h:
11581 (WTF::PageAllocation::PageAllocation):
11582 * wtf/PageAllocationAligned.h:
11583 (WTF::PageAllocationAligned::PageAllocationAligned):
11585 (WTF::PageBlock::PageBlock):
11586 * wtf/PageReservation.h:
11587 (WTF::PageReservation::reserve):
11588 (WTF::PageReservation::reserveWithGuardPages):
11589 Add a new function to make a reservation that will add guard
11590 pages to the ends of an allocation.
11591 (WTF::PageReservation::PageReservation):
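The guard-page reservation described in this entry, together with the validity fix from the r87308 entry above (test the real base, not the start of usable memory), as one added example that is not WTF's own code. It uses POSIX mmap/mprotect directly; the struct, function names and the sizes in the round trip are constructed for the example.

```cpp
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstdint>

// Constructed model, not WTF's own code, of a guarded reservation: one
// PROT_NONE page before and after the usable region, plus the validity check
// the ChangeLog entries describe.
struct GuardedReservation {
    void* realBase = nullptr;   // start of the mapping, i.e. the front guard page
    void* base = nullptr;       // first usable byte, one page past realBase
    std::size_t usableSize = 0; // whole pages between the two guard pages
    std::size_t pageSize = 0;

    // The fixed check: a reservation that never happened has a null realBase.
    explicit operator bool() const { return realBase != nullptr; }
};

// The pre-fix check tested the usable start instead, which is realBase plus one
// page and therefore non-null even when the mapping failed.
bool naiveIsValid(const GuardedReservation& r) { return r.base != nullptr; }

std::size_t systemPageSize() {
    long ps = sysconf(_SC_PAGESIZE);
    return ps > 0 ? static_cast<std::size_t>(ps) : 4096;
}

// Reserves usableBytes (rounded up to whole pages) between two guard pages.
// Returns a zeroed block, not a crash, when mmap or mprotect fails.
GuardedReservation reserveWithGuardPages(std::size_t usableBytes) {
    GuardedReservation r;
    r.pageSize = systemPageSize();
    std::size_t pages = (usableBytes + r.pageSize - 1) / r.pageSize;
    if (pages == 0)
        return r;
    std::size_t total = (pages + 2) * r.pageSize;
    void* mapping = mmap(nullptr, total, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mapping == MAP_FAILED)
        return r;
    unsigned char* bytes = static_cast<unsigned char*>(mapping);
    // Strip all access from the first and last page so that an overrun out of
    // the usable region faults immediately instead of touching a neighbour.
    if (mprotect(bytes, r.pageSize, PROT_NONE) != 0
        || mprotect(bytes + (pages + 1) * r.pageSize, r.pageSize, PROT_NONE) != 0) {
        munmap(mapping, total);
        return r;
    }
    r.realBase = mapping;
    r.base = bytes + r.pageSize;
    r.usableSize = pages * r.pageSize;
    return r;
}

void releaseReservation(GuardedReservation& r) {
    if (!r)
        return;
    munmap(r.realBase, r.usableSize + 2 * r.pageSize);
    r = GuardedReservation{};
}

// What the old code produced on failure: the usable start derived from a null
// real base is a small non-null pointer, so the block looked valid.
GuardedReservation simulateFailedReservationOldStyle() {
    GuardedReservation r;
    r.pageSize = systemPageSize();
    r.realBase = nullptr;
    r.base = reinterpret_cast<void*>(static_cast<std::uintptr_t>(r.pageSize));
    return r;
}

struct RoundTrip {
    bool valid;           // operator bool() true for a real reservation
    bool basePastGuard;   // base == realBase + pageSize
    bool sizeRounded;     // usableSize is whole pages covering the request
    bool usableWritable;  // first and last usable byte accept a write
    bool releasedInvalid; // operator bool() false after release
};

RoundTrip runGuardedRoundTrip() {
    std::size_t ps = systemPageSize();
    GuardedReservation r = reserveWithGuardPages(3 * ps + 1); // needs 4 pages
    RoundTrip t{};
    t.valid = static_cast<bool>(r);
    if (!r)
        return t;
    unsigned char* base = static_cast<unsigned char*>(r.base);
    t.basePastGuard = base == static_cast<unsigned char*>(r.realBase) + ps;
    t.sizeRounded = r.usableSize == 4 * ps;
    base[0] = 0xAA;                 // writes inside the usable region are fine;
    base[r.usableSize - 1] = 0xAA;  // base[-1] or base[usableSize] would fault
    t.usableWritable = true;
    releaseReservation(r);
    t.releasedInvalid = !r;
    return t;
}
```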
11593 2011-05-24 Oliver Hunt <oliver@apple.com>
11595 <rdar://problem/9470482> GC allocated executables are destroyed lazily, so release executable memory slowly
11597 Merged ToT WebKit r86883
11599 2011-05-19 Oliver Hunt <oliver@apple.com>
11601 Reviewed by Geoffrey Garen.
11603 Make Executables release their JIT code as soon as they become dead
11604 https://bugs.webkit.org/show_bug.cgi?id=61134
11606 Add an ability to clear an Executable's jit code without requiring
11607 it to be destroyed, and then call that from a finalizer.
11613 (JSC::JITCode::clear):
11614 * runtime/Executable.cpp:
11615 (JSC::ExecutableFinalizer::finalize):
11616 (JSC::ExecutableBase::executableFinalizer):
11617 * runtime/Executable.h:
11618 (JSC::ExecutableBase::ExecutableBase):
11619 (JSC::ExecutableBase::clearExecutableCode):
11621 2011-05-24 Oliver Hunt <oliver@apple.com>
11623 <rdar://problem/9240218> Consider removing branchConvertDoubleToInt32
11625 Merged ToT WebKit r86968
11627 2011-05-20 Oliver Hunt <oliver@apple.com>
11629 Reviewed by Sam Weinig.
11631 Remove unnecessary double->int conversion at the end of op_div
11632 https://bugs.webkit.org/show_bug.cgi?id=61198
11634 We don't attempt this conversion on 64-bit; removing it actually speeds
11635 up SunSpider and V8 slightly, and it reduces code size.
11637 * jit/JITArithmetic32_64.cpp:
11638 (JSC::JIT::emit_op_div):
11640 2011-05-24 Oliver Hunt <oliver@apple.com>
11642 <rdar://problem/8881410> Investigation: Harden against JIT spraying attacks
11644 Merged ToT WebKit r86919
11646 2011-05-19 Oliver Hunt <oliver@apple.com>
11648 Reviewed by Gavin Barraclough.
11650 Randomise code starting location a little
11651 https://bugs.webkit.org/show_bug.cgi?id=61161
11653 Add a nop() function to the Assemblers so that we
11654 can randomise code offsets slightly at no real cost.
11656 * assembler/ARMAssembler.h:
11657 (JSC::ARMAssembler::nop):
11658 * assembler/ARMv7Assembler.h:
11659 (JSC::ARMv7Assembler::nop):
11660 * assembler/MacroAssemblerARM.h:
11661 (JSC::MacroAssemblerARM::nop):
11662 * assembler/MacroAssemblerARMv7.h:
11663 (JSC::MacroAssemblerARMv7::nop):
11664 * assembler/MacroAssemblerMIPS.h:
11665 (JSC::MacroAssemblerMIPS::nop):
11666 * assembler/MacroAssemblerSH4.h:
11667 (JSC::MacroAssemblerSH4::nop):
11668 * assembler/MacroAssemblerX86Common.h:
11669 (JSC::MacroAssemblerX86Common::nop):
11670 * assembler/X86Assembler.h:
11671 (JSC::X86Assembler::nop):
11674 (JSC::JIT::privateCompile):
11676 * runtime/WeakRandom.h:
11677 (JSC::WeakRandom::getUint32):
11679 2011-05-24 Oliver Hunt <oliver@apple.com>
11681 <rdar://problem/8247576> JSC should limit inline PIC offsets to fit in single instruction loads on ARMv7
11683 Merged ToT WebKit r86999
11685 2011-05-20 Oliver Hunt <oliver@apple.com>
11687 Reviewed by Gavin Barraclough.
11689 Reduce size of inline cache path of get_by_id on ARMv7
11690 https://bugs.webkit.org/show_bug.cgi?id=61221
11692 This reduces the code size of get_by_id by 20 bytes
11694 * assembler/ARMv7Assembler.h:
11695 (JSC::ARMv7Assembler::ldrCompact):
11696 (JSC::ARMv7Assembler::repatchCompact):
11697 (JSC::ARMv7Assembler::setUInt7ForLoad):
11698 * assembler/MacroAssemblerARMv7.h:
11699 (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
11702 2011-05-24 Oliver Hunt <oliver@apple.com>
11704 <rdar://problem/9493374> scripter crashing in JavaScriptCore: JSC::slowValidateCell
11706 Merged ToT WebKit r87190
11708 2011-05-24 Oliver Hunt <oliver@apple.com>
11710 Reviewed by Gavin Barraclough.
11712 Interpreter crashes with gc validation enabled due to failure to mark initial cache structure
11713 https://bugs.webkit.org/show_bug.cgi?id=61385
11715 The interpreter uses the structure slot of get_by_id and put_by_id to hold
11716 the initial structure it encountered so that it can identify whether a
11717 given access is stable.
11719 When marking though we only visit the slot when we've decided to cache, and
11720 so this value could die. This was "safe" as the value was only used for a
11721 pointer compare, but it was incorrect. We now just mark the slot like we
11722 should have been doing already.
11724 * bytecode/CodeBlock.cpp:
11725 (JSC::CodeBlock::visitStructures):
11727 2011-05-16 Pratik Solanki <psolanki@apple.com>
11729 <rdar://problem/9449255> No need to explicitly cleanup JIT code when handling memory warning
11731 Reviewed by Geoffrey Garen.
11733 Revert changes made for <rdar://problem/9392975> since we now clean up JIT code on
11734 JavaScript garbage collection. This behavior was added in the merge of opensource r86510.
11736 * JavaScriptCore.exp:
11738 2011-05-16 Pratik Solanki <psolanki@apple.com>
11740 Part of <rdar://problem/9449162> REGRESSION: SunSpider ~7% slower in browser than on command line (was 17%)
11742 Merged ToT WebKit r86510.
11744 2011-05-15 Geoffrey Garen <ggaren@apple.com>
11746 Reviewed by Maciej Stachowiak.
11748 Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
11749 in browser than on command line
11751 This patch fixes a few issues in generated code that could unreasonably
11752 prolong object lifetimes.
11755 (JSC::Heap::collectAllGarbage): Throw away all function code before doing
11756 a major collection. We want to clear polymorphic caches, since they can
11757 keep alive large object graphs that have gone "stale". For the same reason,
11758 but to a lesser extent, we also want to clear linked functions and other
11761 This has the side-benefit of reducing memory footprint from run-once
11762 functions, and of allowing predictions and caches that have failed to
11765 Eventually, if compilation costs rise far enough, we may want a more
11766 limited strategy for de-specializing code without throwing it away
11767 completely, but this works for now, and it's the simplest solution.
11769 * jit/JITStubs.cpp:
11770 (JSC::JITThunks::hostFunctionStub):
11772 * runtime/JSFunction.cpp: Made the host function stub cache weak --
11773 otherwise it's effectively a memory leak that can seriously fragment the
11776 (JSC::JSFunction::JSFunction):
11777 (JSC::JSFunction::visitChildren): Cleared up some comments that confused
11778 me when working with this code.
11780 2011-05-16 David Kilzer <ddkilzer@apple.com>
11782 <rdar://problem/9446250> Exceptions not disabled in ARM builds
11784 Merged ToT WebKit r86598.
11786 2011-05-16 David Kilzer <ddkilzer@apple.com>
11788 <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
11789 <rdar://problem/9446430>
11791 Reviewed by Mark Rowe.
11793 * Configurations/Base.xcconfig: Fixed typo.
11795 2011-05-05 Joseph Pecoraro <joepeck@webkit.org>
11797 Reviewed by Simon Fraser.
11799 Remove ENABLE(RANGETYPE_AS_TEXT).
11803 2011-05-09 Pratik Solanki <psolanki@apple.com>
11805 <rdar://problem/9392975> Should clean up JIT code when we get a memory warning
11807 Reviewed by Oliver Hunt and David Kilzer.
11809 * JavaScriptCore.exp: Export JSGlobalData::recompileAllJSFunctions
11811 2011-05-02 Oliver Hunt <oliver@apple.com>
11813 Rubber stamped by Gavin Barraclough.
11815 <rdar://problem/9344858> Crash in Scripter beneath Structure::materializePropertyMap running URL stress test
11817 Merge <http://trac.webkit.org/changeset/85523>.
11819 2011-05-02 Oliver Hunt <oliver@apple.com>
11821 Reviewed by Gavin Barraclough.
11823 Correct marking of interpreter data in mixed mode builds
11824 https://bugs.webkit.org/show_bug.cgi?id=59962
11826 We had a few places in mixed mode builds where we would not
11827 track data used by the interpreter for marking. This patch
11828 corrects the problem and adds a number of assertions to catch
11829 live Structures being collected.
11831 * JavaScriptCore.exp:
11832 * assembler/ARMv7Assembler.h:
11833 (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
11834 * bytecode/CodeBlock.cpp:
11835 (JSC::CodeBlock::dump):
11836 * bytecode/CodeBlock.h:
11837 (JSC::CodeBlock::addPropertyAccessInstruction):
11838 (JSC::CodeBlock::addGlobalResolveInstruction):
11839 (JSC::CodeBlock::addStructureStubInfo):
11840 (JSC::CodeBlock::addGlobalResolveInfo):
11841 * bytecompiler/BytecodeGenerator.cpp:
11842 (JSC::BytecodeGenerator::emitResolve):
11843 (JSC::BytecodeGenerator::emitResolveWithBase):
11844 (JSC::BytecodeGenerator::emitGetById):
11845 (JSC::BytecodeGenerator::emitPutById):
11846 (JSC::BytecodeGenerator::emitDirectPutById):
11847 * runtime/Structure.cpp:
11848 (JSC::Structure::materializePropertyMap):
11849 * runtime/Structure.h:
11850 (JSC::Structure::typeInfo):
11851 (JSC::Structure::previousID):
11852 (JSC::Structure::propertyStorageCapacity):
11853 (JSC::Structure::propertyStorageSize):
11854 (JSC::Structure::get):
11855 (JSC::Structure::materializePropertyMapIfNecessary):
11857 2011-04-29 Andy Estes <aestes@apple.com>
11859 Rubber-stamped by Simon Fraser.
11861 Merge <http://trac.webkit.org/changeset/85361>.
11863 2011-04-29 Gavin Barraclough <barraclough@apple.com>
11865 Reviewed by Oliver Hunt & Geoff Garen.
11867 https://bugs.webkit.org/show_bug.cgi?id=59221
11868 [RegexFuzz] Regression blocking testing
11870 Okay, so the bug here is that when, in the case of a TypeParentheticalAssertion
11871 node, emitDisjunction recursively calls itself to emit the nested disjunction,
11872 the value of parenthesesInputCountAlreadyChecked is bogus (it doesn't take into
11873 account the uncheck that has just taken place).
11875 Also, the special handling given to countToCheck in the case of parenthetical
11876 assertions is nonsense; delete it, along with the isParentheticalAssertion argument.
11878 * yarr/YarrInterpreter.cpp:
11879 (JSC::Yarr::ByteCompiler::emitDisjunction):
11881 2011-04-27 Yongjun Zhang <yongjun_zhang@apple.com>
11883 Reviewed by NOBODY (OOPS!).
11885 <rdar://problem/9349760> Merge Stabilization: Merge iOS WebKit up to ToT WebKit r84942
11887 Filed open source bug https://bugs.webkit.org/show_bug.cgi?id=59770, will remove this change if open source
11888 change gets landed.
11890 ToT WebKit r81135 added WTF_EXPORT_PRIVATE to wtf/Assertions. The macro is defined in JavaScriptCore's or
11891 WebCore's config.h, which is included as the first header file for each source file. However, for projects like
11892 UIKit or MobileSafari, config.h doesn't exist and the compiler complains about the undefined WTF_EXPORT_PRIVATE. Since
11893 WTF_EXPORT_PRIVATE only makes sense when compiling JavaScriptCore, we can always turn it into an empty macro if
11896 * wtf/Assertions.h:
11898 2011-04-15 Joseph Pecoraro <joepeck@webkit.org>
11900 Reviewed by NOBODY (OOPS!).
11902 <rdar://problem/6591720> Support Web Inspector on iPhone Simulator using MobileSafari/Web.app
11904 * Configurations/FeatureDefines.xcconfig: Add REMOTE_INSPECTOR Feature.
11906 2011-03-28 Joseph Pecoraro <joepeck@webkit.org>
11908 <rdar://problem/9197849> Leaked JSC::PropertyTable seen in AppStore
11910 Merged ToT WebKit r81420.
11912 2011-03-17 Geoffrey Garen <ggaren@apple.com>
11914 Reviewed by Mark Rowe.
11916 Fixed some string leaks seen on the buildbot
11917 https://bugs.webkit.org/show_bug.cgi?id=56619
11919 * runtime/PropertyMapHashTable.h:
11920 (JSC::PropertyTable::~PropertyTable): DEref!
11922 2011-03-24 Geoffrey Garen <ggaren@apple.com>
11924 Reviewed by Oliver Hunt.
11926 <rdar://problem/9083011> REGRESSION (Telluride): CRASH beneath JSC::call @ yahoo.com, redfin.com, and others
11928 Merged ToT WebKit r81904.
11930 2011-03-23 Oliver Hunt <oliver@apple.com>
11932 Reviewed by Geoff Garen.
11934 <rdar://problem/9123439> Crash in JSC::JSParser::Scope::declareParameter loading google.com
11936 Export function for registering a thread from JSC so that it can be used from WebCore.
11938 * JavaScriptCore.exp:
11940 2011-03-23 Geoffrey Garen <ggaren@apple.com>
11942 Rubber-stamped by David Kilzer.
11944 Fixed one case of <rdar://problem/9083011> REGRESSION (Telluride): CRASH
11945 beneath JSC::call when tapping on links or activating Reader @ yahoo.com
11947 Merged OpenSource trunk r81751.
11949 * debugger/Debugger.cpp:
11950 * runtime/JSGlobalData.cpp:
11951 (WTF::Recompiler::operator()):
11953 2011-03-22 Pratik Solanki <psolanki@apple.com>
11955 <rdar://problem/8772865> Webkit should use no-copy-cache CFNetwork SPI
11957 Reviewed by David Kilzer.
11959 * wtf/Platform.h: Enable HAVE_CFNETWORK_DATA_ARRAY_CALLBACK on iOS.
11961 2011-02-25 Joseph Pecoraro <joepeck@webkit.org>
11963 Reviewed by Yongjun Zhang.
11965 WebKit Merge Stabilization.
11967 We were reaching the MaxLargeThreadReentryDepth on the WebThread
11968 when running fast/xmlhttprequest/xmlhttprequest-recursive-sync-event.html.
11969 The WebThread's stack size, defined in WebCore/wak/WebCoreThread.mm,
11970 is 800kb. Rather than increase that size, we will slightly decrease
11971 the maximum recursion depth to 93. For this test case, 94 works,
11972 but 95 doesn't. Setting it a little lower allows for some leeway
11973 for future changes.
11975 * interpreter/Interpreter.h: decrease MaxLargeThreadReentryDepth from 100 to 93.
11977 2011-02-23 Yongjun Zhang <yongjun_zhang@apple.com>
11979 Reviewed by Joseph Pecoraro.
11981 WebKit Merge Stabilization.
11983 Revert to the old behavior, which used to return 0 instead of
11984 CRASHing when checking if we can allocate executable memory.
11985 This is because on iOS the isValid() mmap will only return successfully
11986 when the JIT is enabled and allowed for an application, but
11987 fail when the JIT is not allowed for an application; yet all
11988 applications will take this path and check isValid before
11989 we know if we are allowed to use the JIT or not.
11991 * wtf/OSAllocatorPosix.cpp:
11992 (WTF::OSAllocator::reserveAndCommit): return 0 instead of crashing
11993 when checking if allocating executable memory works.
11995 2011-02-23 Yongjun Zhang <yongjun_zhang@apple.com>
11997 Reviewed by Joseph Pecoraro.
11999 WebKit Merge Stabilization.
12001 Instead of using the StackBounds cached in JSGlobalData, we need to retrieve the current StackBounds from
12002 thread local storage, because in iOS WebKit both the main thread and the web thread could access the same JSGlobalData.
12003 We also need to skip the consistency check in StackBounds if the current thread is not the thread that initially
12004 created this stack.
12006 * runtime/JSGlobalData.h:
12007 (JSC::JSGlobalData::stack): use the StackBounds cached in thread local storage.
12008 * wtf/StackBounds.cpp:
12009 (WTF::StackBounds::checkConsistency): don't check consistency if the current thread is not the thread that created this stack.
12010 * wtf/StackBounds.h:
12011 * wtf/WTFThreadData.cpp: initialize StackBounds for the current thread in iOS.
12012 (WTF::WTFThreadData::WTFThreadData):
12014 2011-02-24 David Kilzer <ddkilzer@apple.com>
12016 Part 3 of 3: <rdar://problem/9000689> Symlink JavaScriptCore.framework/Resources/jsc to /usr/local/bin/jsc
12018 Reviewed by David Carson.
12020 * JavaScriptCore.xcodeproj/project.pbxproj:
12021 (Copy Into Framework): For Production builds, create a relative
12022 symlink from JavaScriptCore.framework/Resources/jsc to
12023 /usr/local/bin/jsc.
12025 2011-02-24 David Kilzer <ddkilzer@apple.com>
12027 Part 2 of 3: <rdar://problem/9000689> Symlink JavaScriptCore.framework/Resources/jsc to /usr/local/bin/jsc
12029 Merged ToT WebKit r79131.
12031 * JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH
12032 for the Production_Hardware configuration of jsc target and
12033 INSTALL_PATH_ACTUAL for the Production_Deployment configuration.
12035 2011-02-19 David Kilzer <ddkilzer@apple.com>
12037 <http://webkit.org/b/54808> Change jsc target to build directly into JavaScriptCore.framework/Resources/jsc
12039 Reviewed by Dan Bernstein.
12041 * Configurations/Base.xcconfig: Added
12042 JAVASCRIPTCORE_FRAMEWORKS_DIR variable.
12043 * Configurations/JavaScriptCore.xcconfig: Used
12044 JAVASCRIPTCORE_FRAMEWORKS_DIR to define INSTALL_PATH.
12045 * JavaScriptCore.xcodeproj/project.pbxproj: Set the INSTALL_PATH
12046 for Production configuration of jsc target.
12047 (Copy Into Framework): Removed old build phase.
12048 (Fix Framework Reference): Renamed build phase to "Copy Into
12049 Framework". Added "set -x" call to make the script print the
12050 commands it is running. Added code to exit early for Production
12051 builds since this was never intended for them. Added code to
12052 copy jsc into the JavaScriptCore.framework/Resources directory.
12054 2011-02-24 David Kilzer <ddkilzer@apple.com>
12056 Part 1 of 3: <rdar://problem/9000689> Symlink JavaScriptCore.framework/Resources/jsc to /usr/local/bin/jsc
12058 Revert iOS WebKit r999313.
12060 * JavaScriptCore.xcodeproj/project.pbxproj:
12061 (Codesign jsc in Framework Bundle): Remove build phase script.
12063 2011-02-17 David Kilzer <ddkilzer@apple.com>
12065 <rdar://problem/8969982> Enable 3D_CANVAS once ANGLE is in the builds
12067 Reviewed by Joseph Pecoraro.
12069 Backed out puzzlebox svn r998105 plus fixes.
12071 * wtf/Platform.h: Re-enable 3D_CANVAS for iOS (but not armv6).
12073 2011-02-15 Pratik Solanki <psolanki@apple.com>
12075 <rdar://problem/9005073> INSTALL_PATH set incorrectly for Development_Hardware and other configurations
12077 Reviewed by David Kilzer.
12079 Do not set INSTALL_PATH to $(BUILT_PRODUCTS_DIR) - it sets the wrong install_name on
12080 frameworks and breaks loading.
12082 * JavaScriptCore.xcodeproj/project.pbxproj:
12084 2011-02-14 David Kilzer <ddkilzer@apple.com>
12086 <rdar://problem/9000068> Define INSTALL_PATH_ACTUAL for all iOS Simulator targets
12088 Reviewed by Joseph Pecoraro.
12090 INSTALL_PATH_ACTUAL must be defined for all iOS Simulator
12091 targets since it's used in more than just INSTALL_PATH.
12093 * Configurations/JavaScriptCore.xcconfig: Changed
12094 INSTALL_PATH_iphonesimulator to be defined as it is in
12095 IndigoSDK.xcconfig. Added INSTALL_PATH_ACTUAL and
12096 INSTALL_PATH_ACTUAL_iphonesimulator definitions to cover
12097 Development, Deployment and Production_Deployment configurations
12098 of the JavaScriptCore target.
12099 * JavaScriptCore.xcodeproj/project.pbxproj: Removed
12100 INSTALL_PATH_ACTUAL for the Production_Deployment configuration
12101 of the JavaScriptCore target. Added/updated INSTALL_PATH and
12102 INSTALL_PATH_ACTUAL definitions for Development, Deployment and
12103 Production_Deployment configurations of jsc, minidom and testapi
12106 2011-02-14 Pratik Solanki <psolanki@apple.com>
12108 <rdar://problem/8995444> Project file changes for Xcode 4
12110 Rubber-stamped by David Kilzer.
12112 Add SUPPORTED_PLATFORMS to indicate the platforms supported for each
12113 configuration. Also set the Base SDK to internal iPhoneOS for all iOS
12116 * JavaScriptCore.xcodeproj/project.pbxproj:
12118 2011-02-12 David Kilzer <ddkilzer@apple.com>
12120 <rdar://problem/8977538> /System/Library/PrivateFrameworks/JavaScriptCore.framework/Resources/jsc is missing JIT entitlement
12122 Rubber-stamped by David Carson.
12124 * JavaScriptCore.xcodeproj/project.pbxproj: Add a
12125 "Codesign jsc in Framework Bundle" build phase script.
12127 2011-02-11 Joseph Pecoraro <joepeck@webkit.org>
12129 Reviewed by David Kilzer.
12131 <rdar://problem/8992976> r999053 causes WebCore to have the wrong install_name
12133 Restore INSTALL_PATH_ACTUAL to prevent breaking
12134 LD_DYLIB_INSTALL_NAME_mh_dylib for Production_Deployment
12137 * JavaScriptCore.xcodeproj/project.pbxproj:
12139 2011-02-11 David Kilzer <ddkilzer@apple.com>
12141 <rdar://problem/8984033> Clean up INSTALL_PATH and INSTALL_PATH_ACTUAL in JavaScriptCore/WebCore/WebKit
12143 Reviewed by Joseph Pecoraro.
12145 There are two main fixes here:
12147 1. Define INSTALL_PATH in ProjectName.xcconfig for all
12148 platforms (iphoneos, iphonesimulator, macosx).
12150 2. Clean up the Xcode project file to define INSTALL_PATH only
12151 when the Mac OS X configurations (Debug, Release, Production)
12152 define it, or when a target doesn't use ProjectName.xcconfig to
12153 define INSTALL_PATH.
12155 In all cases we eschew INSTALL_PATH_ACTUAL in favor of using
12156 INDIGO_INSTALL_PATH_PREFIX for iOS Simulator configurations. The
12157 only exceptions are Development and Deployment configurations
12158 which always build into BUILT_PRODUCTS_DIR.
12160 * Configurations/JavaScriptCore.xcconfig: Define INSTALL_PATH
12162 * JavaScriptCore.xcodeproj/project.pbxproj: Clean up use of
12163 INSTALL_PATH and INSTALL_PATH_ACTUAL to match Mac OS X
12166 2011-02-11 Joseph Pecoraro <joepeck@webkit.org>
12168 Reviewed by Pratik Solanki.
12170 <rdar://problem/8967636> Re-enable JIT support for Telluride
12172 Re-enable the JIT. Patch by Gavin Barraclough.
12173 mmap won't normally allow RWX memory on iOS, if you request
12174 RWX it'll actually just give you RW. By passing MAP_JIT we
12177 * wtf/PageAllocation.h:
12178 (WTF::PageAllocation::systemAllocateAt): pass MAP_JIT when we want executable memory.
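The point behind this entry, shown as an added example rather than WTF::PageAllocation's own code: a JIT never needs a page that is writable and executable at the same moment, so the mapping is created read/write, filled, and only then flipped to read/execute with mprotect. MAP_JIT is the real Apple flag named in the entry; the #ifdef keeps the example building elsewhere. JITPage, roundUpToPageSize and stageCodeIntoExecutablePage are constructed names for this example, and the single byte staged into the page is a constructed placeholder that is never executed.

```cpp
#include <sys/mman.h>
#include <cstddef>
#include <cstring>
#include <unistd.h>

// Example type (not JSC's): owns one anonymous mapping that moves from RW to RX.
class JITPage {
public:
    explicit JITPage(size_t size)
        : m_size(size)
    {
        int flags = MAP_PRIVATE | MAP_ANONYMOUS;
#if defined(__APPLE__) && defined(MAP_JIT)
        flags |= MAP_JIT; // Apple platforms: mark the mapping as destined for code
#endif
        // Request read/write only; execute permission is added later, never RWX.
        void* p = mmap(nullptr, size, PROT_READ | PROT_WRITE, flags, -1, 0);
        m_base = (p == MAP_FAILED) ? nullptr : static_cast<unsigned char*>(p);
    }
    ~JITPage() { if (m_base) munmap(m_base, m_size); }

    bool valid() const { return m_base != nullptr; }

    // Copy generated code in while the page is still writable.
    bool write(const void* code, size_t length)
    {
        if (!m_base || m_executable || length > m_size)
            return false;
        std::memcpy(m_base, code, length);
        return true;
    }

    // Flip to read/execute; writes are refused from here on.
    bool makeExecutable()
    {
        if (!m_base || m_executable)
            return false;
        if (mprotect(m_base, m_size, PROT_READ | PROT_EXEC) != 0)
            return false;
        m_executable = true;
        return true;
    }

    bool isExecutable() const { return m_executable; }

private:
    unsigned char* m_base = nullptr;
    size_t m_size;
    bool m_executable = false;
};

// mmap works in whole pages, so round the request up to the system page size.
size_t roundUpToPageSize(size_t bytes)
{
    size_t page = static_cast<size_t>(sysconf(_SC_PAGESIZE));
    return (bytes + page - 1) / page * page;
}

// Run the whole sequence once; true only if every step behaved as intended.
bool stageCodeIntoExecutablePage()
{
    static const unsigned char constructedBytes[] = { 0xC3 }; // constructed placeholder, never executed
    JITPage page(roundUpToPageSize(1));
    if (!page.valid())
        return false;
    if (!page.write(constructedBytes, sizeof constructedBytes))
        return false;
    if (!page.makeExecutable())
        return false;
    // A write after the flip must be refused by the wrapper.
    return !page.write(constructedBytes, sizeof constructedBytes) && page.isExecutable();
}
```

The wrapper's state flag is what makes the RW-then-RX discipline checkable: a caller cannot accidentally keep writing into a page after it became executable.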
12181 2011-02-10 Joseph Pecoraro <joepeck@webkit.org>
12183 Reviewed by Geoffrey Garen.
12185 <rdar://problem/8978376> REGRESSION(9A126): Crash in JSC::DefaultGCActivityCallback::DefaultGCActivityCallback running jsc and scripter
12187 Normal DefaultGCActivity should happen on the runloop of the thread that creates
12188 the Heap. That way when timer based Garbage Collection needs to happen, it can
12189 safely happen on the runloop of the single thread that has access to that Heap.
12191 In r998045 I attempted to schedule all DefaultGCActivityCallback timers on a
12192 WebThreadRunLoop. This was incorrect because it did not correctly handle
12193 Workers that create separate Heaps on Worker threads, and also direct users
12194 of JavaScriptCore who don't even have WebThreads! That change is reverted here.
12196 This solution leaves the general case alone and more directly schedules Garbage
12197 Collection of WebCore's shared JSGlobalData (commonJSGlobalData) Heap on the
12198 WebThread's runloop. It does this by implementing a custom WebSafeGCActivityCallback,
12199 and sets that as the activity callback when the commonJSGlobalData is created.
12200 This custom callback is scheduled on the WebThread's run loop.
12202 I've tested this with scripter on a device (main thread using JSC without WebCore),
12203 and verified that this does not regress the Worker thread case which had an
12204 attempted fix in r998436.
12206 Many of the changes here landed in ToT WebKit r78291 and r78292.
12208 * JavaScriptCore.exp: export the protected GCActivityCallback pieces.
12209 * JavaScriptCore.xcodeproj/project.pbxproj: export GCActivityCallback.h so WebCore can access it.
12210 * runtime/GCActivityCallback.h:
12211 * runtime/GCActivityCallbackCF.cpp:
12212 (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback): added a constructor that can specify the CFRunLoop.
12213 (JSC::DefaultGCActivityCallback::commonConstructor): common initialization with a heap and run loop.
12214 (JSC::DefaultGCActivityCallback::operator()):
12215 * wtf/iphone/WebCoreThread.cpp: no longer need access to WebThreadRunLoop.
12216 * wtf/iphone/WebCoreThread.h: no longer need access to WebThreadRunLoop.
12218 2011-02-08 Pratik Solanki <psolanki@apple.com>
12220 <rdar://problem/8972084> LayoutTest: DRT crash on fast/workers/worker-cloneport.html
12222 Reviewed by David Carson.
12224 GC triggered on Worker threads needs to occur on that thread. The code would try to schedule
12225 all GCs on the web thread which caused assertions to be triggered when worker threads were
12226 used. Updated the code so that GC from main thread gets scheduled on the web thread but in
12227 all other cases GC runs on the same thread.
12229 * runtime/GCActivityCallbackCF.cpp:
12230 (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
12232 2011-02-07 Joseph Pecoraro <joepeck@webkit.org>
12234 Reviewed by David Carson.
12236 <rdar://problem/8969648> Disable 3D_CANVAS until ANGLE is in the builds
12238 * wtf/Platform.h: temporarily disable 3D_CANVAS.
12240 2011-02-07 Joseph Pecoraro <joepeck@webkit.org>
12242 Reviewed by Yongjun Zhang.
12244 WebKit Merge Stabilization
12246 Temporarily disable the JIT on Telluride.
12250 2011-02-04 Joseph Pecoraro <joepeck@webkit.org>
12252 Reviewed by Yongjun Zhang.
12254 WebKit Merge Stabilization
12256 Garbage collection happens on a CFRunLoop. We want to ensure
12257 that it happens on the WebThread's run loop, because otherwise
12258 there could be conflicts if the WebThread was doing work
12259 with the objects being collected.
12261 * JavaScriptCore.exp: export the function to be filled.
12262 * runtime/GCActivityCallbackCF.cpp:
12263 (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback): use the WebThreadRunLoop for Garbage Collection events.
12264 * wtf/iphone/WebCoreThread.cpp: expose a function to be filled by WebCore to get the WebThreadRunLoop.
12265 * wtf/iphone/WebCoreThread.h: expose a function to be filled by WebCore to get the WebThreadRunLoop.
12267 2011-02-04 Joseph Pecoraro <joepeck@webkit.org>
12269 Merge ToT WebKit r69096.
12271 2010-10-05 Oliver Hunt <oliver@apple.com>
12273 Reviewed by Darin Adler.
12275 REGRESSION(r68338): JavaScript error on PowerPC only (crashes on Interpreter built for x86_64)
12276 https://bugs.webkit.org/show_bug.cgi?id=46690
12278 Use the correct register value when initialising the arguments
12279 object in the interpreter. This is covered by existing tests.
12281 * interpreter/Interpreter.cpp:
12282 (JSC::Interpreter::privateExecute):
12284 2011-01-29 Cameron Zwarich <zwarich@apple.com>
12286 Remove a comment that suggests removing a call to strncpy(). strncpy() is the safe one!
12288 Reviewed by David Kilzer.
12290 * runtime/NumberPrototype.cpp:
12291 (JSC::integerPartNoExp):
12293 2011-01-29 Cameron Zwarich <zwarich@apple.com>
12297 Merge ToT WebKit r77065.
12299 2011-01-29 Cameron Zwarich <zwarich@apple.com>
12301 Reviewed by Oliver Hunt.
12303 JavaScriptCoreUseJIT environment variable broken
12304 https://bugs.webkit.org/show_bug.cgi?id=53372
12306 * runtime/JSGlobalData.cpp:
12307 (JSC::JSGlobalData::JSGlobalData): Check the actual value in the string returned
12308 by getenv() rather than just doing a NULL check on the return value.
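The bug class this entry fixes, as an added example (not JSGlobalData's code): a feature switch read from the environment with only a null check treats "JavaScriptCoreUseJIT=0" as "set, therefore enabled". boolFromEnvValue, jitEnabledNullCheckOnly and jitEnabledFromEnvironment are names constructed for this example; the accepted spellings of true and false are a choice made here, not JSC's.

```cpp
#include <cctype>
#include <cstdlib>
#include <string>

// Parse the text of a boolean environment variable. A null pointer means the
// variable is unset and yields the default; otherwise the value is inspected,
// so "0", "false", "no" and "off" really do disable the feature.
bool boolFromEnvValue(const char* value, bool defaultValue)
{
    if (!value)
        return defaultValue;
    std::string s;
    for (const char* p = value; *p; ++p) {
        unsigned char c = static_cast<unsigned char>(*p);
        if (!std::isspace(c))
            s += static_cast<char>(std::tolower(c));
    }
    if (s.empty())
        return defaultValue;
    if (s == "0" || s == "false" || s == "no" || s == "off")
        return false;
    if (s == "1" || s == "true" || s == "yes" || s == "on")
        return true;
    return defaultValue; // unrecognised text: keep the default rather than guess
}

// The broken pattern the entry describes: presence alone enables the feature.
bool jitEnabledNullCheckOnly(const char* value)
{
    return value != nullptr;
}

// Reads the real environment (constructed wrapper name, default: JIT on).
bool jitEnabledFromEnvironment()
{
    return boolFromEnvValue(std::getenv("JavaScriptCoreUseJIT"), true);
}
```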
12310 2011-01-28 Gavin Barraclough <barraclough@apple.com>
12312 Reviewed by Geoff Garen.
12314 <rdar://problem/8902297> REGRESSION: After loading ~100 websites,
12315 Safari often crashes due to executable memory limit (8F162)
12317 The crashes here seem to come from external fragmentation in the
12318 FixedVMPoolAllocator. Switch from best fit to first fit.
12320 * jit/ExecutableAllocatorFixedVMPool.cpp:
12321 (JSC::AllocationTableSizeClass::AllocationTableSizeClass):
12322 (JSC::AllocationTableSizeClass::blockSize):
12323 (JSC::AllocationTableSizeClass::blockCount):
12324 (JSC::AllocationTableSizeClass::blockAlignment):
12325 (JSC::AllocationTableSizeClass::size):
12326 (JSC::AllocationTableLeaf::AllocationTableLeaf):
12327 (JSC::AllocationTableLeaf::~AllocationTableLeaf):
12328 (JSC::AllocationTableLeaf::allocate):
12329 (JSC::AllocationTableLeaf::free):
12330 (JSC::AllocationTableLeaf::isEmpty):
12331 (JSC::AllocationTableLeaf::isFull):
12332 (JSC::AllocationTableLeaf::size):
12333 (JSC::AllocationTableLeaf::classForSize):
12334 (JSC::AllocationTableLeaf::dump):
12335 (JSC::LazyAllocationTable::LazyAllocationTable):
12336 (JSC::LazyAllocationTable::~LazyAllocationTable):
12337 (JSC::LazyAllocationTable::allocate):
12338 (JSC::LazyAllocationTable::free):
12339 (JSC::LazyAllocationTable::isEmpty):
12340 (JSC::LazyAllocationTable::isFull):
12341 (JSC::LazyAllocationTable::size):
12342 (JSC::LazyAllocationTable::dump):
12343 (JSC::LazyAllocationTable::classForSize):
12344 (JSC::AllocationTableDirectory::AllocationTableDirectory):
12345 (JSC::AllocationTableDirectory::~AllocationTableDirectory):
12346 (JSC::AllocationTableDirectory::allocate):
12347 (JSC::AllocationTableDirectory::free):
12348 (JSC::AllocationTableDirectory::isEmpty):
12349 (JSC::AllocationTableDirectory::isFull):
12350 (JSC::AllocationTableDirectory::size):
12351 (JSC::AllocationTableDirectory::classForSize):
12352 (JSC::AllocationTableDirectory::dump):
12353 (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
12354 (JSC::FixedVMPoolAllocator::alloc):
12355 (JSC::FixedVMPoolAllocator::free):
12356 (JSC::FixedVMPoolAllocator::isValid):
12357 (JSC::FixedVMPoolAllocator::release):
12358 (JSC::FixedVMPoolAllocator::reuse):
12359 (JSC::FixedVMPoolAllocator::classForSize):
12360 (JSC::FixedVMPoolAllocator::offsetToPointer):
12361 (JSC::FixedVMPoolAllocator::pointerToOffset):
12362 (JSC::ExecutableAllocator::isValid):
12363 (JSC::ExecutablePool::systemAlloc):
12364 (JSC::ExecutablePool::underMemoryPressure):
12366 2011-01-21 David Kilzer <ddkilzer@apple.com>
12368 <rdar://problem/8098953> Use PLATFORM(IOS) instead of PLATFORM(IPHONE) in WebKit
12370 Reviewed by Joseph Pecoraro.
12372 The following macros have been renamed:
12374 ENABLE(IPHONE_PPT) => ENABLE(IOS_PPT)
12375 OS(IPHONE_OS) => OS(IOS)
12376 PLATFORM(IPHONE) => PLATFORM(IOS)
12377 PLATFORM(IPHONE_SIMULATOR) => PLATFORM(IOS_SIMULATOR)
12379 The following Xcode variables (in FeatureDefines.xcconfig and
12380 elsewhere) have been renamed:
12382 ENABLE_IOS_PPT => ENABLE_IOS_PPT
12383 WTF_PLATFORM_IPHONE => WTF_PLATFORM_IOS
12385 [File list elided.]
12387 2011-01-05 Gavin Barraclough <barraclough@apple.com>
12389 Reviewed by Darin Adler.
12391 <rdar://problem/8810722>
12392 MobileSafari: chews up all memory when loading maps.google.com due to ARM codegen bug
12394 The bug here is that zeroDouble was working incorrectly,
12395 leading to op_loop_if_true failing - specifically in the
12396 case where the value being checked is 0.0 encoded as a
12397 double (rather than an integer immediate).
12399 This was resulting in an infinite loop pushing to an array
12400 on maps.google.com, and ultimately memory exhaustion.
12402 Additionally this patch removes a redundant duplicate compare
12403 in some (many) cases.
12405 * assembler/ARMv7Assembler.h:
12406 (JSC::ARMv7Assembler::vcmp_F64):
12407 (JSC::ARMv7Assembler::vcmpz_F64):
12408 Added support for VCMPZ.
12409 * assembler/MacroAssemblerARM.h:
12410 (JSC::MacroAssemblerARM::branchDoubleNotEqual):
12411 Changing the interface to benefit ARMv7.
12412 (JSC::MacroAssemblerARM::branchDoubleEqualOrUnordered):
12413 Changing the interface to benefit ARMv7.
12414 * assembler/MacroAssemblerARMv7.h:
12415 (JSC::MacroAssemblerARMv7::branchDoubleNotEqual):
12416 Combine these operations, to make use of VCMPZ.
12417 (JSC::MacroAssemblerARMv7::branchDoubleEqualOrUnordered):
12418 Combine these operations, to make use of VCMPZ.
12419 (JSC::MacroAssemblerARMv7::compare32):
12420 remove redundant duplicate compare.
12421 * assembler/MacroAssemblerX86Common.h:
12422 (JSC::MacroAssemblerX86Common::branchDoubleNotEqual):
12423 Changing the interface to benefit ARMv7.
12424 (JSC::MacroAssemblerX86Common::branchDoubleEqualOrUnordered):
12425 Changing the interface to benefit ARMv7.
12426 * jit/JITOpcodes32_64.cpp:
12427 (JSC::JIT::emit_op_jfalse):
12428 Switch to use branchDoubleEqualOrUnordered.
12429 (JSC::JIT::emit_op_jtrue):
12430 Switch to use branchDoubleNotEqual.
12432 2010-12-17 Gavin Barraclough <barraclough@apple.com>
12434 Reviewed by Geoff Garen.
12436 <rdar://problem/8781129>
12437 Deeply nested JS expressions can exhaust the stack
12438 (jsc-tests js1_5/Regress/regress-96526-002.js)
12440 The stack recursion limit is too high for iOS.
12441 For now, fix this bug by adjusting the limits and accelerating
12442 the rate we increment in certain functions which require large
12443 frames. In the longer term we should actually check stack usage.
12445 * bytecompiler/BytecodeGenerator.h:
12446 (JSC::IncreaseEmitNodeDepth::IncreaseEmitNodeDepth):
12447 (JSC::IncreaseEmitNodeDepth::~IncreaseEmitNodeDepth):
12448 * bytecompiler/NodesCodegen.cpp:
12449 (JSC::BinaryOpNode::emitStrcat):
12450 (JSC::ForInNode::emitBytecode):
12451 (JSC::TryNode::emitBytecode):
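The pattern behind IncreaseEmitNodeDepth, shown as an added example that is not JSC's BytecodeGenerator: a recursive walk carries an RAII depth counter and stops at a fixed limit instead of letting deeply nested input exhaust the native stack, and productions with larger frames charge more depth per level (the accelerated increment the entry describes). The bracket grammar, ParseState, IncreaseDepth, parseExpr and checkNesting are all constructed for this example.

```cpp
#include <cstddef>
#include <string>

// Per-parse bookkeeping: current depth, the limit, and whether it was crossed.
struct ParseState {
    size_t depth = 0;
    size_t maxDepth;
    bool tooDeep = false;
    explicit ParseState(size_t limit) : maxDepth(limit) {}
};

// RAII guard: adds its cost on entry, removes it on exit, flags overrun.
class IncreaseDepth {
public:
    IncreaseDepth(ParseState& state, size_t cost) : m_state(state), m_cost(cost)
    {
        m_state.depth += m_cost;
        if (m_state.depth > m_state.maxDepth)
            m_state.tooDeep = true;
    }
    ~IncreaseDepth() { m_state.depth -= m_cost; }
private:
    ParseState& m_state;
    size_t m_cost;
};

// Constructed grammar: expr := 'x' | '(' expr ')' | '[' expr ']'
// Square brackets are charged double, standing in for the large-frame cases.
// Returns the position just past the expression, or std::string::npos on error.
size_t parseExpr(const std::string& src, size_t pos, ParseState& state)
{
    if (state.tooDeep || pos >= src.size())
        return std::string::npos;
    char c = src[pos];
    if (c == 'x')
        return pos + 1;
    if (c != '(' && c != '[')
        return std::string::npos;
    IncreaseDepth guard(state, c == '[' ? 2 : 1);
    if (state.tooDeep)
        return std::string::npos; // stop recursing before the stack does it for us
    size_t next = parseExpr(src, pos + 1, state);
    char close = (c == '(') ? ')' : ']';
    if (next == std::string::npos || next >= src.size() || src[next] != close)
        return std::string::npos;
    return next + 1;
}

// 0 = parsed, 1 = syntax error, 2 = nesting limit hit.
int checkNesting(const std::string& src, size_t limit)
{
    ParseState state(limit);
    size_t end = parseExpr(src, 0, state);
    if (state.tooDeep)
        return 2;
    return (end == src.size()) ? 0 : 1;
}
```

The limit is a count of guarded levels, not bytes of stack, which is exactly the approximation the entry calls out as a stopgap; measuring real stack usage is the longer-term fix it mentions.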
12453 2010-12-16 Pratik Solanki <psolanki@apple.com>
12455 <rdar://problem/8737284> Investigate time spent in sys_icache_invalidate and sys_dcache_flush
12457 Merged ToT WebKit r74210.
12459 2010-12-16 Pratik Solanki <psolanki@apple.com>
12461 Reviewed by Geoffrey Garen.
12463 https://bugs.webkit.org/show_bug.cgi?id=51166
12464 ExecutableAllocator::cacheFlush should call sys_cache_control
12466 * jit/ExecutableAllocator.h:
12467 (JSC::ExecutableAllocator::cacheFlush): Use the more correct and forward looking API -
12468 sys_cache_control(kCacheFunctionPrepareForExecution,...).
12470 2010-12-15 Geoffrey Garen <ggaren@apple.com>
12472 Reviewed by Pratik Solanki.
12474 Fixed incorrect #ifdef in Gavin's last patch.
12476 * runtime/RegExpCache.h: Use PLATFORM(IPHONE), since PLATFORM(IOS) doesn't
12477 exist on the Durango branch.
12479 2010-12-14 Pratik Solanki <psolanki@apple.com>
12481 <rdar://problem/8771026> Merge r68764 - Remove unnecessary cacheFlush calls from thumb-2
12483 Merged ToT WebKit r68764.
12485 2010-09-30 Gabor Loki <loki@webkit.org>
12487 Reviewed by Csaba Osztrogonác.
12489 Remove unnecessary cacheFlush calls from Thumb-2
12490 https://bugs.webkit.org/show_bug.cgi?id=46702
12492 * assembler/ARMv7Assembler.h:
12493 (JSC::ARMv7Assembler::relinkCall):
12494 (JSC::ARMv7Assembler::repatchInt32):
12495 (JSC::ARMv7Assembler::repatchPointer):
12497 2010-12-14 Gavin Barraclough <barraclough@apple.com>
12499 Reviewed by Geoff Garen.
12501 <rdar://problem/8765333> CRASH running out of executable memory, loading io9.com
12503 The problem here is that each page uses a reasonable amount of memory, (~4Mb),
12504 and that when multiple pages are open we keep all JIT code for all functions
12505 in all pages alive.
12507 Add a check to detect high memory pressure situations in the executable allocator
12508 (>50% of available memory allocated), and upon a top level entry into JSC (no code
12509 running on the stack) in this situation throw away all JIT code.
12511 * JavaScriptCore.exp:
12512 * debugger/Debugger.cpp:
12513 (JSC::Debugger::recompileAllJSFunctions): stop passing exec to recompile.
12514 * jit/ExecutableAllocator.h:
12515 * jit/ExecutableAllocatorFixedVMPool.cpp:
12516 (JSC::ExecutablePool::systemAlloc): Count allocations.
12517 (JSC::ExecutablePool::systemRelease): Count deallocations.
12518 (JSC::ExecutablePool::underMemoryPressure): Check memory pressure.
12519 * jit/ExecutableAllocatorPosix.cpp:
12520 (JSC::ExecutablePool::underMemoryPressure): Stub out; only meaningful with FixedVMPool.
12521 * jit/ExecutableAllocatorWin.cpp:
12522 (JSC::ExecutablePool::underMemoryPressure): Stub out; only meaningful with FixedVMPool.
12523 * runtime/Executable.cpp:
12524 (JSC::FunctionExecutable::recompile): Remove ExecState argument to recompile.
12525 * runtime/Executable.h:
12526 * runtime/JSGlobalData.cpp:
12527 (JSC::JSGlobalData::recompileAllJSFunctions): throws away all JIT code.
12528 * runtime/JSGlobalData.h:
12529 * runtime/JSGlobalObject.h:
12530 (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): add check / call to throw away.
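The two mechanisms this entry adds, as an added illustration that is not the ExecutableAllocatorFixedVMPool code: the pool counts bytes handed out and returned so underMemoryPressure() can apply the 50% threshold the entry states, and a scope object marking a top-level entry into the engine (no engine frames on the stack) is the only place generated code is discarded. ExecutablePoolAccounting, EngineState, TopLevelEntryScope and discardsAfterPressure are constructed names standing in for ExecutablePool, JSGlobalData and DynamicGlobalObjectScope.

```cpp
#include <cstddef>

// Byte accounting for a fixed-size executable pool.
class ExecutablePoolAccounting {
public:
    explicit ExecutablePoolAccounting(size_t poolBytes) : m_poolBytes(poolBytes) {}

    // Analogue of systemAlloc: refuse what does not fit, otherwise count it.
    bool systemAlloc(size_t bytes)
    {
        if (bytes > m_poolBytes - m_allocatedBytes)
            return false;
        m_allocatedBytes += bytes;
        return true;
    }
    // Analogue of systemRelease; clamps so the counter cannot underflow.
    void systemRelease(size_t bytes)
    {
        m_allocatedBytes -= (bytes > m_allocatedBytes) ? m_allocatedBytes : bytes;
    }
    // More than 50% of the pool in use.
    bool underMemoryPressure() const { return m_allocatedBytes * 2 > m_poolBytes; }
    size_t allocatedBytes() const { return m_allocatedBytes; }

private:
    size_t m_poolBytes;
    size_t m_allocatedBytes = 0;
};

// Stand-in for JSGlobalData: owns the pool and can drop all JIT code.
struct EngineState {
    ExecutablePoolAccounting pool;
    int entryDepth = 0;      // nested entries into the engine currently active
    int recompileCount = 0;  // how many times all JIT code was thrown away

    explicit EngineState(size_t poolBytes) : pool(poolBytes) {}

    // Analogue of recompileAllJSFunctions: release everything, re-JIT later.
    void recompileAllJSFunctions()
    {
        pool.systemRelease(pool.allocatedBytes());
        ++recompileCount;
    }
};

// Analogue of DynamicGlobalObjectScope. The check runs only at depth zero,
// so code is never discarded while a compiled function is still running.
class TopLevelEntryScope {
public:
    explicit TopLevelEntryScope(EngineState& engine) : m_engine(engine)
    {
        if (m_engine.entryDepth == 0 && m_engine.pool.underMemoryPressure())
            m_engine.recompileAllJSFunctions();
        ++m_engine.entryDepth;
    }
    ~TopLevelEntryScope() { --m_engine.entryDepth; }
private:
    EngineState& m_engine;
};

// Scenario: allocate `used` bytes, enter at top level (may discard), allocate
// `used` more as if the running script compiled functions, then enter nested
// (must not discard). Returns how many discards happened.
int discardsAfterPressure(size_t poolBytes, size_t used)
{
    EngineState engine(poolBytes);
    engine.pool.systemAlloc(used);
    {
        TopLevelEntryScope outer(engine);
        engine.pool.systemAlloc(used);
        TopLevelEntryScope inner(engine);
    }
    return engine.recompileCount;
}
```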
12532 2010-12-14 Gavin Barraclough <barraclough@apple.com>
12534 Reviewed by Geoff Garen.
12536 <rdar://problem/8241425> JIT executable memory excessive usage due to regex caching
12538 Reduce the amount of memory the RegExpCache can hold on to.
12539 Currently the RegExpCache can hold 256 RegExp objects. If each falls into a separate
12540 ExecutablePool, with a common size of 16Kb, this means we end up holding onto 4Mb of
12541 memory. Firstly, we can reduce this by simply reducing the size of the cache to 32
12542 entries. Secondly, we can use a separate set of ExecutablePools for JIT code generated
12543 from RegExp objects. This helps in two ways (1) it increases the probability that
12544 RegExps in the cache share the same pool, and (2) it means that a RegExp can't end
12545 up holding on to a large ExecutablePool containing a translation of JS code.
12546 (A RegExp could end up keeping a larger RegExp alive that happened to be sharing the
12547 same pool, but large RegExp patterns are less common).
12549 * runtime/JSGlobalData.h:
12550 * runtime/RegExpCache.h:
12551 * yarr/RegexJIT.cpp:
12552 (JSC::Yarr::RegexGenerator::compile):
12554 2010-12-14 Cameron Zwarich <zwarich@apple.com>
12556 <rdar://problem/8762579> JavaScriptCore should build successfully with Clang
12560 Merge Clang build fix r74029 from Open Source.
12562 2010-12-13 Cameron Zwarich <zwarich@apple.com>
12564 Reviewed by Eric Seidel.
12566 Clang fails to build the JSC interpreter
12567 https://bugs.webkit.org/show_bug.cgi?id=51016
12569 Clang does not allow indirect gotos out of scopes with cleanup. GCC 4.2 allows
12570 them, but it does not correctly generate the cleanup, causing a leak if the
12571 cleanup decrements a reference count.
12573 * interpreter/Interpreter.cpp:
12574 (JSC::Interpreter::privateExecute): Put an Identifier into its own scope.
12576 * interpreter/Interpreter.cpp:
12577 (JSC::Interpreter::privateExecute):
12579 2010-12-13 Cameron Zwarich <zwarich@apple.com>
12581 <rdar://problem/8762579> JavaScriptCore should build successfully with Clang
12585 Merge Clang build fix r73981 from Open Source.
12587 2010-12-13 Cameron Zwarich <zwarich@apple.com>
12589 Reviewed by Gavin Barraclough.
12591 JavaScriptCore should not use "asm volatile" outside of a function
12592 https://bugs.webkit.org/show_bug.cgi?id=50991
12594 * jit/JITStubs.cpp: Remove the volatile keyword from asm statements.
12596 * jit/JITStubs.cpp:
12598 2010-12-13 Cameron Zwarich <zwarich@apple.com>
12600 <rdar://problem/8762579> JavaScriptCore should build successfully with Clang
12604 Merge Clang build fix r61203 from Open source.
12606 2010-06-15 Anders Carlsson <andersca@apple.com>
12608 Reviewed by Sam Weinig.
12610 Make JavaScriptCore build with clang++.
12612 * jit/JITInlineMethods.h:
12613 (JSC::JIT::emitPutVirtualRegister):
12614 Explicitly cast to an int.
12616 * yarr/RegexCompiler.cpp:
12617 (JSC::Yarr::compileRegex):
12618 Return 0 instead of false.
12620 * jit/JITInlineMethods.h:
12621 (JSC::JIT::emitPutVirtualRegister):
12622 * yarr/RegexCompiler.cpp:
12623 (JSC::Yarr::compileRegex):
12625 2010-12-13 Cameron Zwarich <zwarich@apple.com>
12627 <rdar://problem/8762579> JavaScriptCore should build successfully with Clang
12631 Merge Clang build fixes r63578, r73465, and r73467 from Open Source.
12633 2010-07-16 Anders Carlsson <andersca@apple.com>
12635 Reviewed by Sam Weinig.
12637 clang++ build fixes for JavaScriptCore and WebCore
12638 https://bugs.webkit.org/show_bug.cgi?id=42478
12640 * runtime/RegExpKey.h:
12642 Move the RegExpKey equals operator into the JSC namespace so it can be found by ADL.
12644 2010-12-07 Anders Carlsson <andersca@apple.com>
12646 Reviewed by Darin Adler.
12649 https://bugs.webkit.org/show_bug.cgi?id=50645
12651 Explicitly cast offset to int.
12653 * pcre/pcre_ucp_searchfuncs.cpp:
12654 (jsc_pcre_ucp_othercase):
12656 2010-12-07 Anders Carlsson <andersca@apple.com>
12658 Build fix follow up build fix.
12660 * pcre/pcre_ucp_searchfuncs.cpp:
12661 (jsc_pcre_ucp_othercase):
12663 * pcre/pcre_ucp_searchfuncs.cpp:
12664 (jsc_pcre_ucp_othercase):
12665 * runtime/RegExpKey.h:
12668 2010-12-05 David Kilzer <ddkilzer@apple.com>
12670 <rdar://problem/8185630> jsc, minidom and testapi should be built with the entitlement that allows the JIT
12672 Reviewed by Cameron Zwarich.
12674 * JavaScriptCore.xcodeproj/project.pbxproj: Added entitlement to
12675 jsc, minidom and testapi targets for the Development_Hardware,
12676 Deployment_Hardware and Production_Hardware configurations.
12677 * entitlements.plist: Added.
12679 2010-11-17 Pratik Solanki <psolanki@apple.com>
12681 <rdar://problem/6264399> Connect WebKit to memory notifications for all apps
12683 Reviewed by David Kilzer.
12685 * JavaScriptCore.exp: Add JSGlobalData::sharedInstanceExists to export list.
12687 2010-11-12 David Kilzer <ddkilzer@apple.com>
12689 <rdar://problem/8655073> Default to armv7 for JavaScriptCore, WebCore, WebKitSystemInterface, WebKit hardware builds
12691 Reviewed by David Carson.
12693 * Configurations/DebugRelease.xcconfig: Make armv7 the default
12694 for hardware builds.
12696 2010-10-28 Joseph Pecoraro <joepeck@webkit.org>
12698 Reviewed by Pratik Solanki, David Kilzer, Ian Henderson, and Yongjun Zhang.
12700 <rdar://problem/5900435> Image limiting in WebKit is too aggressive
12702 Add a new ENABLE flag for a DISK_IMAGE_CACHE feature. This feature
12703 will allow us to memory map images that are taking up a large
12704 amount of memory on the page and in the Cache. It is disabled by
12705 default and enabled for iOS.
12709 2010-11-02 David Kilzer <ddkilzer@apple.com>
12711 <rdar://problem/8620879> contenteditable support should only be enabled for Telluride or later
12713 Reviewed by Ian Henderson.
12715 Renamed ENABLE_CONTENTEDITABLE to ENABLE_IOS_CONTENTEDITABLE
12716 since this macro is only used on iOS WebKit.
12718 * wtf/Platform.h: Added IOS_5_0_OR_LATER macro. Changed
12719 ENABLE_IOS_CONTENTEDITABLE to only be enabled for iOS 5.0 or
12722 2010-10-19 Pratik Solanki <psolanki@apple.com>
12724 <rdar://problem/6592830> Enable HTML5 Worker threads
12726 Reviewed by David Kilzer.
12728 * Configurations/FeatureDefines.xcconfig: Enable WORKERS, SHARED_WORKERS and
12730 * JavaScriptCore.exp:
12731 * wtf/ThreadSpecific.h:
12732 (WTF::::replace): Added. Allows caller to replace the thread-specific data with
12735 2010-10-10 Pratik Solanki <psolanki@apple.com>
12737 <rdar://problem/8502487> Seed: Safari consistently crashes when using .pac file for proxy
12739 Reviewed by Geoff Garen and Alexey Proskuryakov.
12741 We need a per-thread WTFThreadData so that JavaScript executing on a
12742 different thread does not use the IdentifierTable for the main thread.
12743 Otherwise pac file processing on the CFNetwork thread can result in a
12744 crash when JavaScript is running on the WebThread.
12746 But we have to take care that JavaScript running on the main thread and
12747 the web thread access a shared IdentifierTable. Similarly for
12748 AtomicStringTable - we have a shared AtomicStringTable between the two
12751 * wtf/MainThread.h:
12752 * wtf/WTFThreadData.cpp:
12753 (WTF::WTFThreadData::WTFThreadData):
12754 * wtf/WTFThreadData.h:
12755 * wtf/mac/MainThreadMac.mm:
12756 (WTF::isWebThread):
12757 * wtf/text/AtomicString.cpp:
12758 (WebCore::AtomicStringTable::create):
12760 2010-10-08 David Kilzer <ddkilzer@apple.com>
12762 Move *.order files into the SDKROOT for iOS
12764 Reviewed by David Carson.
12766 Fixes: <rdar://problem/8454660> JavaScriptCore: Move order files to AppleInternal/OrderFiles
12768 * Configurations/Base.xcconfig: Updated SECTORDER_FLAGS_iphoneos
12769 to point to JavaScriptCore.order in the SDKROOT. Removed
12770 SECTORDER_FLAGS_iphonesimulator since the *.order files are only
12771 installed in the iPhoneOS.Internal SDK and we don't care about
12772 Simulator performance.
12773 * JavaScriptCore.iPhone.order: Removed.
12775 2010-10-03 David Kilzer <ddkilzer@apple.com>
12777 <rdar://problem/8507290> iOS: [INTERPRETER] Two tests fail with SputnikError: #1.1: if argArray is neither an array nor an arguments object (see 10.1.8), a TypeError exception is thrown (44245)
12779 Merged ToT WebKit r68076.
12781 2010-09-22 Oliver Hunt <oliver@apple.com>
12783 Reviewed by Gavin Barraclough.
12785 [INTERPRETER] Two tests fail with SputnikError: #1.1: if argArray is neither an array nor an arguments object (see 10.1.8), a TypeError exception is thrown
12786 https://bugs.webkit.org/show_bug.cgi?id=44245
12788 Remove incorrect code from op_load_varargs in the interpreter.
12790 * interpreter/Interpreter.cpp:
12791 (JSC::Interpreter::privateExecute):
12793 2010-10-01 David Kilzer <ddkilzer@apple.com>
12795 <rdar://problem/7826910> iOS: Integer overflows in WebCore: StringBuffer.h
12797 Merged ToT WebKit r68812.
12799 2010-09-29 Sam Weinig <sam@webkit.org>
12801 Reviewed by Darin Adler.
12803 Add additional checks to StringBuffer.
12804 <rdar://problem/7756381>
12806 * wtf/text/StringBuffer.h:
12807 (WTF::StringBuffer::StringBuffer):
12808 (WTF::StringBuffer::resize):
12810 2010-10-01 Pratik Solanki <psolanki@apple.com>
12812 <rdar://problem/8498709> ALWAYS_INLINE should be specified on the function declaration
12816 2010-10-01 Pratik Solanki <psolanki@apple.com>
12818 Reviewed by Geoffrey Garen.
12819 Specify ALWAYS_INLINE at function declaration not function definition
12820 https://bugs.webkit.org/show_bug.cgi?id=46960
12822 For functions defined with ALWAYS_INLINE, add the attribute to the declaration as well.
12824 * bytecompiler/BytecodeGenerator.h:
12825 * wtf/FastMalloc.cpp:
12827 2010-09-27 Gavin Barraclough <barraclough@apple.com>
12829 Reviewed by Darin Adler.
12831 <rdar://problem/8362752> REGRESSION: ~6.4% sunspider regression in interpreter on iphone due to 54925
12832 Random fluctuations in interpreter performance due to function inlining. :-(
12833 Stop inlining some functions to make the interpreter build happier.
12835 This change tracked in opensource by https://bugs.webkit.org/show_bug.cgi?id=46680 (landed in r68455).
12837 * interpreter/Interpreter.cpp:
12838 (JSC::concatenateStrings):
12839 (JSC::Interpreter::privateExecute):
12841 2010-09-24 David Kilzer <ddkilzer@apple.com>
12843 <rdar://problem/8362956> REGRESSION: ~9.6% sunspider regression in interpreter on iphone due to 55564
12845 Merged ToT WebKit r68212.
12847 This merges the changes made to open source WebKit back to iOS
12848 WebKit. There is no change in functionality.
12850 2010-09-23 David Kilzer <ddkilzer@apple.com>
12852 <rdar://problem/8460731> ~9.9% speedup when compiling interpreter with llvm-gcc-4.2
12853 https://bugs.webkit.org/show_bug.cgi?id=46423
12855 Reviewed by Oliver Hunt.
12857 * interpreter/Interpreter.cpp:
12858 (JSC::Interpreter::privateExecute): Disable the gcc computed
12859 goto hacks added in r55564 when compiling with llvm-gcc-4.2.
12861 2010-09-22 Pratik Solanki <psolanki@apple.com>
12863 Reviewed by Cameron Zwarich.
12865 <rdar://problem/8338046> Use _pthread_getspecific_direct in FastMalloc for 1.3% JS iBench speed boost.
12867 * wtf/Platform.h: Enable pthread_getspecific for all iOS versions now
12868 that the blocking radar is fixed.
12870 2010-09-21 David Kilzer <ddkilzer@apple.com>
12872 <rdar://problem/8459236> iOS: REGRESSION: ~1.4% sunspider regression in interpreter on iphone due to 54724 and 54596
12874 Merged ToT WebKit r67972.
12876 2010-09-21 Geoffrey Garen <ggaren@apple.com>
12878 Reviewed by Oliver Hunt.
12880 <rdar://problem/8363003> REGRESSION: ~1.4% sunspider regression in
12881 interpreter due to 54724 and 54596
12883 Fixed a typo (using "UNLIKELY" instead of "LIKELY").
12885 * wtf/PassRefPtr.h:
12886 (WTF::refIfNotNull):
12887 (WTF::derefIfNotNull): It is likely that m_ptr != 0 because most RefPtrs
12888 hold real data. Also, in cases where they do not hold real data, the
12889 compiler usually sees a call to release() right before the call to the
12890 destructor, so it can probably optimize out the test completely.
12892 2010-09-15 David Kilzer <ddkilzer@apple.com>
12894 Remove unnecessary HEADER_SEARCH_PATHS variables from Xcode project
12896 Reviewed by Paul Knight.
12898 * JavaScriptCore.xcodeproj/project.pbxproj: Removed
12899 HEADER_SEARCH_PATHS variables that overrode the value in
12900 Configurations/Base.xcconfig.
12902 2010-09-10 Dean Jackson <dino@apple.com>
12904 Reviewed by David Carson.
12906 <rdar://problem/8414203> Turn WebGL on in compile, but only enable via private API
12908 Add ENABLE_CANVAS_3D to FeatureDefines for iOS.
12909 Also, turned on compilation for armv7 but off for armv6 in Platform.h. This
12910 will stop hardware that doesn't support GLES 2.0 from compiling the code in.
12912 * Configurations/FeatureDefines.xcconfig:
12915 2010-09-02 Yongjun Zhang <yongjun_zhang@apple.com>
12917 <rdar://problem/8347745> iOS: REGRESSION (r62896): Interpreter incorrectly excludes prototype chain when validating put_by_id_transition (44240)
12919 Merged ToT WebKit r65847.
12921 2010-08-23 Oliver Hunt <oliver@apple.com>
12923 Reviewed by Darin Adler.
12925 [REGRESSION] Interpreter incorrectly excludes prototype chain when validating put_by_id_transition
12926 https://bugs.webkit.org/show_bug.cgi?id=44240
12927 <rdar://problem/8328995>
12929 Fix an error I introduced when cleaning up the interpreter side of the logic
12930 to prevent setters being called in object initialisers.
12932 * interpreter/Interpreter.cpp:
12933 (JSC::Interpreter::privateExecute):
12935 2010-09-02 Yongjun Zhang <yongjun_zhang@apple.com>
12937 <rdar://problem/6068284> iOS: Improve Safari protection against JavaScript hijacking Object literal notation
12939 Merged ToT WebKit r62896.
12941 * interpreter/Interpreter.cpp: Changed codeBlock to callFrame->codeBlock() since local variable codeBlock is added in an earlier patch.
12943 2010-07-08 Oliver Hunt <oliver@apple.com>
12945 Reviewed by Sam Weinig.
12947 Property declarations in an object literal should not consider the prototype chain when being added to the new object
12948 https://bugs.webkit.org/show_bug.cgi?id=41929
12950 To fix this all we need to do is ensure that all new properties are
12951 added with putDirect rather than a fully generic call to put. This
12952 is safe as an object literal is by definition going to produce a
12953 completely normal object.
12955 Rather than duplicating all the put_by_id logic we add an additional
12956 flag to op_put_by_id to indicate it should be using putDirect. In
12957 the interpreter this adds a runtime branch, but in the jit this is
12958 essentially free as the branch is taken at compile time. This does
12959 actually improve object literal creation time even in the interpreter
12960 as we no longer need to walk the prototype chain to verify that the
12961 cached put is safe.
12963 We still emit normal put_by_id code when emitting __proto__ as we want
12964 to get the correct handling for changing the prototype.
12966 Sunspider claims this is a 0.7% speedup which is conceivably real due
12967 to the performance improvement in object literals, but I suspect it's
12968 really just the result of code motion.
12970 * bytecode/Opcode.h:
12971 * bytecompiler/BytecodeGenerator.cpp:
12972 (JSC::BytecodeGenerator::emitPutById):
12973 (JSC::BytecodeGenerator::emitDirectPutById):
12974 * bytecompiler/BytecodeGenerator.h:
12975 * bytecompiler/NodesCodegen.cpp:
12976 (JSC::PropertyListNode::emitBytecode):
12977 * interpreter/Interpreter.cpp:
12978 (JSC::Interpreter::privateExecute):
12980 (JSC::JIT::compilePutByIdTransition):
12981 * jit/JITPropertyAccess.cpp:
12982 (JSC::JIT::emit_op_put_by_id):
12983 (JSC::JIT::emitSlow_op_put_by_id):
12984 (JSC::JIT::privateCompilePutByIdTransition):
12985 (JSC::JIT::patchPutByIdReplace):
12986 * jit/JITPropertyAccess32_64.cpp:
12987 (JSC::JIT::emitSlow_op_put_by_id):
12988 (JSC::JIT::privateCompilePutByIdTransition):
12989 (JSC::JIT::patchPutByIdReplace):
12990 * jit/JITStubs.cpp:
12991 (JSC::JITThunks::tryCachePutByID):
12992 (JSC::DEFINE_STUB_FUNCTION):
12995 * runtime/JSGlobalData.cpp:
12996 (JSC::JSGlobalData::JSGlobalData):
12997 * runtime/JSObject.h:
12998 (JSC::JSObject::putDirect):
12999 (JSC::JSValue::putDirect):
13000 * runtime/JSValue.h:
13002 2010-08-31 Dean Jackson <dino@apple.com>
13004 Reviewed by Chris Marrin.
13006 <rdar://problem/7557398> iOS: Implement WebGL
13008 * Configurations/FeatureDefines.xcconfig:
13009 - ENABLE_3D_CANVAS defines
13011 2010-08-30 Pratik Solanki <psolanki@apple.com>
13013 <rdar://problem/8348440> Disable purgeable memory for N82 and N72
13015 Reviewed by David Carson.
13019 2010-08-28 Pratik Solanki <psolanki@apple.com>
13021 Part of <rdar://problem/8348440> Disable purgeable memory for N82 and N72
13023 Merged ToT WebKit r66301.
13025 2010-08-28 Pratik Solanki <psolanki@apple.com>
13027 Reviewed by Dan Bernstein.
13029 Add an ENABLE define for purgeable memory support
13030 https://bugs.webkit.org/show_bug.cgi?id=44777
13034 2010-08-27 Oliver Hunt <oliver@apple.com>
13036 Reviewed by Joe Pecoraro.
13038 REGRESSION: ~9.6% sunspider regression in interpreter on iphone due to 55564
13039 <rdar://problem/8362956>
13041 llvm-gcc has its own version of pathological badness in Interpreter::privateExecute
13042 that is caused by the computed goto jumps we do to appease gcc. This patch disables
13043 the gcc hacks when compiling with llvm-gcc and gives us back 8.7% -- completely removing
13044 r55564 and related patches only gets us 8.5%, so I assume that the 8.7% win here
13045 is completely getting rid of this regression.
13047 * interpreter/Interpreter.cpp:
13048 (JSC::Interpreter::privateExecute):
13050 2010-08-26 David Kilzer <ddkilzer@apple.com>
13052 <rdar://problem/8208495> iOS: Multiplication overflow in JavaScriptCore StringImpl::replace() (42502)
13054 Merged ToT WebKit r66119.
13056 2010-08-25 Oliver Hunt <oliver@apple.com>
13058 Reviewed by Geoffrey Garen.
13060 Improve overflow handling in StringImpl::Replace
13061 https://bugs.webkit.org/show_bug.cgi?id=42502
13062 <rdar://problem/8203794>
13064 Harden StringImpl::replace against overflow -- I can't see how this
13065 could be abused, but it's better to be safe than sorry.
13067 * wtf/text/StringImpl.cpp:
13068 (WTF::StringImpl::replace):
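Added example, not WTF or JavaScriptCore code, showing the overflow the entry above hardens against: the new-length arithmetic of a replace-all routine, done with checked multiplication and addition so an oversized result is refused rather than allocating an undersized buffer. Lengths are kept as 32-bit unsigned values, as they would be in a string type with a 32-bit length field; the function names and the hostile sizes in main are assumptions for the illustration.

```cpp
// Added example (not WTF code): length arithmetic of a replace-all routine,
// with overflow checks so an oversized result is refused instead of producing
// an undersized buffer. Lengths are 32-bit unsigned, as they would be in a
// string type with a 32-bit length field.
#include <cstdint>
#include <cstdio>
#include <string>

// Non-overlapping occurrences of pattern in s (0 for an empty pattern).
static uint32_t countMatches(const std::string& s, const std::string& pattern) {
    if (pattern.empty()) return 0;
    uint32_t count = 0;
    for (size_t pos = s.find(pattern); pos != std::string::npos;
         pos = s.find(pattern, pos + pattern.size()))
        ++count;
    return count;
}

// Length after replacing `matches` occurrences of a patternLen-byte pattern
// with a replacementLen-byte replacement in a srcLen-byte string. Returns
// false if the result does not fit in 32 bits or the inputs are inconsistent.
// The unchecked form,
//     srcLen - matches * patternLen + matches * replacementLen,
// wraps for a long replacement repeated many times; the buffer is then
// allocated too small and the copy loop writes past its end.
static bool replacedLength(uint32_t srcLen, uint32_t matches, uint32_t patternLen,
                           uint32_t replacementLen, uint32_t* out) {
    uint32_t removed, added, result;
    if (__builtin_mul_overflow(matches, patternLen, &removed) || removed > srcLen) return false;
    if (__builtin_mul_overflow(matches, replacementLen, &added)) return false;
    if (__builtin_add_overflow(srcLen - removed, added, &result)) return false;
    *out = result;
    return true;
}

// Replace-all that sizes its output once, from the checked length; false if refused.
static bool replaceAll(const std::string& s, const std::string& pattern,
                       const std::string& replacement, std::string* out) {
    if (pattern.empty()) { *out = s; return true; }
    uint32_t newLen;
    if (!replacedLength(static_cast<uint32_t>(s.size()), countMatches(s, pattern),
                        static_cast<uint32_t>(pattern.size()),
                        static_cast<uint32_t>(replacement.size()), &newLen))
        return false;
    out->clear();
    out->reserve(newLen);
    size_t pos = 0;
    for (size_t hit = s.find(pattern); hit != std::string::npos; hit = s.find(pattern, pos)) {
        out->append(s, pos, hit - pos);
        *out += replacement;
        pos = hit + pattern.size();
    }
    out->append(s, pos, std::string::npos);
    return true;
}

int main() {
    std::string r;
    if (replaceAll("a-b-c-d", "-", "::", &r)) std::printf("%s\n", r.c_str());
    uint32_t n;
    // Constructed hostile sizes: 4096 matches, each replaced by 1 MiB, would need 2^32 bytes.
    std::printf("oversized replace refused: %d\n", !replacedLength(0x1000, 0x1000, 1, 0x100000, &n));
    return 0;
}
```

The check on `removed > srcLen` also rejects inconsistent inputs (more pattern bytes than the string holds), which is the same class of "cannot happen, but cheap to refuse" the entry describes.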
13070 2010-08-25 Joseph Pecoraro <joepeck@webkit.org>
13072 Reviewed by David Kilzer.
13074 <rdar://problem/8327102> Disable Compile Time INSPECTOR Flag for N82
13076 * wtf/Platform.h: Disable ENABLE_INSPECTOR flag for ARMv6 devices like N82.
13078 2010-08-25 David Kilzer <ddkilzer@apple.com>
13080 <rdar://problem/8171034> iOS: [JSC] Math.random is predictable which may lead to cross-domain information leakage and temporary user tracking attacks (41868)
13082 Merged ToT WebKit r65947.
13084 * wtf/RandomNumber.h: Merged part of ToT WebKit r58941.
13086 2010-08-24 Oliver Hunt <oliver@apple.com>
13088 Reviewed by Geoff Garen.
13090 Don't seed the JS random number generator from time()
13091 https://bugs.webkit.org/show_bug.cgi?id=41868
13092 <rdar://problem/8171025>
13094 Switch to using the secure random number generator to
13095 seed the fast random generator, and make the generator
13096 be per global object.
13098 * runtime/JSGlobalData.cpp:
13099 (JSC::JSGlobalData::JSGlobalData):
13100 * runtime/JSGlobalData.h:
13101 * runtime/JSGlobalObject.h:
13102 (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
13103 (JSC::JSGlobalObject::weakRandomNumber):
13104 * runtime/MathObject.cpp:
13105 (JSC::mathProtoFuncRandom):
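Added example, not JavaScriptCore code, illustrating the weakness the entry above removes: a small xorshift generator of the fast, non-cryptographic "weak random" kind, seeded once from the clock and once from the OS random source. With a clock seed, an observer who can bound the creation time recovers the seed from a few observed outputs by brute force and then predicts every later value; a seed drawn from the secure generator leaves no such shortcut. The generator, the time window and the sample values are constructed for this illustration.

```cpp
// Added example (not JavaScriptCore code): clock-seeded vs securely-seeded
// weak random generator, and the seed-recovery attack the clock seed allows.
#include <cstdint>
#include <cstdio>
#include <random>
#include <vector>

class WeakRandom {
public:
    explicit WeakRandom(uint32_t seed) : m_state(seed ? seed : 0x9E3779B9u) {}  // xorshift must not start at 0
    uint32_t next() {
        uint32_t x = m_state;
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        return m_state = x;
    }
private:
    uint32_t m_state;
};

// The weak way: the seed is the wall clock in seconds, so both the seed
// space and the likely value are guessable from the outside.
static uint32_t seedFromClock(uint32_t nowSeconds) { return nowSeconds; }

// The fixed way: draw the seed from the OS-backed secure source. Only 32 bits
// are taken because the generator holds 32 bits of state; the gain is that
// nothing observable narrows those bits down.
static uint32_t secureSeed() {
    std::random_device rd;   // assumed to be backed by the OS CSPRNG, as on mainstream platforms
    uint32_t s = static_cast<uint32_t>(rd());
    return s ? s : 0x9E3779B9u;
}

static std::vector<uint32_t> sample(uint32_t seed, size_t n) {
    WeakRandom g(seed);
    std::vector<uint32_t> out;
    for (size_t i = 0; i < n; ++i) out.push_back(g.next());
    return out;
}

// Attack on clock seeding: try every seed in [from, to] and return the one
// whose first outputs match what was observed, or 0 if none does. A window
// of a few hours is only a few thousand candidates.
static uint32_t recoverClockSeed(const std::vector<uint32_t>& observed, uint32_t from, uint32_t to) {
    for (uint32_t candidate = from; candidate <= to; ++candidate) {
        WeakRandom g(seedFromClock(candidate));
        bool match = true;
        for (uint32_t v : observed) if (g.next() != v) { match = false; break; }
        if (match) return candidate;
        if (candidate == UINT32_MAX) break;
    }
    return 0;
}

int main() {
    // Constructed scenario: a generator created at a fixed instant; the observer
    // saw three outputs and knows creation happened within +/- 1 hour of it.
    const uint32_t creationTime = 1283817600u;   // arbitrary fixed instant
    std::vector<uint32_t> seen = sample(seedFromClock(creationTime), 3);
    uint32_t recovered = recoverClockSeed(seen, creationTime - 3600, creationTime + 3600);
    std::printf("clock seed recovered: %u (true seed %u)\n", recovered, creationTime);
    std::printf("next value the observer can predict: %u\n", sample(recovered, 4)[3]);

    // With a secure seed the same search covers all 2^32 seeds, and a real fix
    // also gives each global object its own generator rather than one shared stream.
    WeakRandom perGlobalObject(secureSeed());
    std::printf("secure-seeded sample: %u\n", perGlobalObject.next());
    return 0;
}
```

Because a xorshift32 step is a bijection on the state, two distinct seeds never share a first output, so the brute-force search above has no false positives inside its window.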
13107 2010-08-24 David Kilzer <ddkilzer@apple.com>
13109 <rdar://problem/8344233> iOS: JSON.stringify is much slower than Firefox on particular pathological input
13111 Merged ToT WebKit r65834.
13113 2010-08-23 Oliver Hunt <oliver@apple.com>
13115 Reviewed by Gavin Barraclough.
13117 JSON.stringify is much slower than Firefox on particular pathological input
13118 https://bugs.webkit.org/show_bug.cgi?id=44456
13120 Make StringBuilder::reserveCapacity reserve additional space so we don't end up
13121 repeatedly copying the entire result string.
13123 * runtime/StringBuilder.h:
13124 (JSC::StringBuilder::append):
13125 (JSC::StringBuilder::reserveCapacity):
13127 2010-08-23 Gavin Barraclough <barraclough@apple.com>
13129 Reviewed by Dave Carson.
13131 <rdar://problem/8283061> Enable JIT support for Durango
13136 2010-08-20 Pratik Solanki <psolanki@apple.com>
13138 <rdar://problem/8025275> iOS: Use _pthread_getspecific_direct or __thread in FastMalloc for 1.3% JS iBench speed boost.
13140 Reviewed by David Carson.
13142 Use the SPI pthread_getspecific_direct() for a small perf win. Sunspider
13143 scores improve by about 0.5% overall, string subsection improves by
13146 * wtf/FastMalloc.cpp:
13147 (WTF::TCMalloc_ThreadCache::InitTSD):
13150 2010-08-19 Joseph Pecoraro <joepeck@webkit.org>
13152 Reviewed by David Kilzer.
13154 <rdar://problem/8327102> Disable Compile Time INSPECTOR Flag for N82
13156 * wtf/Platform.h: Disable ENABLE_INSPECTOR flag for ARMv6 devices like N82.
13158 2010-08-17 Enrica Casucci <enrica@apple.com>
13160 Reviewed by David Kilzer.
13162 <rdar://problem/5245015>
13163 Support WYSIWYG DHTML contentEditable editing areas (Google docs are not editable on P2)
13165 * wtf/Platform.h: Added ENABLE_CONTENTEDITABLE for iOS 4.3 or later.
13167 2010-08-17 Gavin Barraclough <barraclough@apple.com>
13169 Reviewed by David Kilzer.
13171 <rdar://problem/8283060> Disable JIT support for Jasper
13174 Change the ENABLE_JIT define so the JIT is compiled out. This change disables the
13175 JIT on all PLATFORM(IPHONE) builds, but leaves the settings in place (guarded by
13176 a '&& 0') to be able to quickly reenable when the blocking bug to enabling the
13177 JIT for Durango is fixed.
13179 2010-08-17 David Kilzer <ddkilzer@apple.com>
13181 <rdar://problem/8319473> Replace build train names with iOS version numbers in Platform.h
13183 Reviewed by David Carson.
13185 * wtf/Platform.h: Removed build train names in favor of version
13186 numbers. Also moved "_OR_LATER" macros so that they're only
13187 defined on iOS WebKit builds.
13189 2010-08-14 Dean Jackson <dino@apple.com>
13191 Reviewed by David Kilzer.
13193 <rdar://problem/8071468> TLF: Add Gyro DOM events
13194 <rdar://problem/5440938> TLF: Add Accelerometer DOM events
13196 Enable DEVICE_ORIENTATION in Features.
13198 * Configurations/FeatureDefines.xcconfig:
13200 2010-08-13 David Kilzer <ddkilzer@apple.com>
13202 <rdar://problem/8210340> SWB: ld64-116.2 of JavaScriptCore: cannot export symbol
13204 Reviewed by David Carson.
13206 The problem is that the iOS-specific configurations for the jsc,
13207 minidom and testapi targets were using Indigo.xcconfig for
13208 Simulator configurations and iPhone.xcconfig for hardware
13209 configurations. Both pulled in JavaScriptCore.xcconfig, which
13210 set EXPORTED_SYMBOLS_FILE to JavaScriptCore.exp, which caused
13213 The fix is to use IndigoSDK.xcconfig in place of Indigo.xcconfig
13214 and AspenSDK.xcconfig in place of iPhone.xcconfig for the iOS
13215 configurations of jsc, minidom and testapi.
13217 * JavaScriptCore.xcodeproj/project.pbxproj: Updated jsc, minidom
13218 and testapi targets to be based on xcconfig files that do not
13219 pull in JavaScriptCore.xcconfig.
13221 2010-08-12 David Kilzer <ddkilzer@apple.com>
13223 Relanding: <rdar://problem/7854586> iOS: Enable Ruby support
13225 Reviewed by David Carson.
13227 * Configurations/FeatureDefines.xcconfig: Enable Ruby support
13228 for all SDKs except iOS SDK 4.2.
13230 2010-08-12 Andy Estes <aestes@apple.com>
13232 <rdar://problem/8295061> Merge open source r64390, which added support
13233 for compiling open source WebKit against iOS SDKs.
13235 Relanded with fix: <rdar://problem/8300652> Jasper8C73: WebKit_Sim-591 installhdrs failed
13237 Reviewed by David Kilzer.
13239 * Configurations/Base.xcconfig:
13240 * Configurations/FeatureDefines.xcconfig:
13242 2010-08-11 Yongjun Zhang <yongjun_zhang@apple.com>
13244 <rdar://problem/8272261> iOS: parseFloat can be used to load arbitrary JSValues into JS, leading to badness (43461)
13246 Merged ToT WebKit r64706.
13248 2010-08-04 Geoffrey Garen <ggaren@apple.com>
13250 Reviewed by Oliver Hunt and Beth Dakin.
13252 https://bugs.webkit.org/show_bug.cgi?id=43461
13253 Invalid NaN parsing
13255 * wtf/dtoa.cpp: Turn off the dtoa feature that allows you to specify a
13256 non-standard NaN representation, since our NaN encoding assumes that all
13257 true NaNs have the standard bit pattern.
13259 * API/JSValueRef.cpp:
13260 (JSValueMakeNumber): Don't allow an API client to accidentally specify
13261 a non-standard NaN either.
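Added example, not JavaScriptCore code, showing the assumption behind the two entries above: a simplified NaN-boxing value encoding in which every double is stored as its raw bits and tagged values live in a reserved NaN range. If a number parser (or an API caller) can hand the engine a NaN with an arbitrary sign and payload, the raw bits decode as a tagged value; canonicalizing every NaN before boxing closes that. The tag layout, the canonical NaN constant and the hostile bit pattern are assumptions chosen for the illustration, not the real JSValue encoding.

```cpp
// Added example (not JavaScriptCore code): a simplified NaN-boxing scheme and
// why NaNs must be canonicalized before their bits are stored as a value.
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Any 64-bit pattern whose top 16 bits equal kPointerTag is a boxed pointer;
// everything else is the raw IEEE-754 encoding of a double. The tag sits in
// the negative quiet-NaN range, so it never collides with a *canonical* NaN.
constexpr uint64_t kPointerTag   = 0xFFF8000000000000ULL;
constexpr uint64_t kTagMask      = 0xFFFF000000000000ULL;
constexpr uint64_t kPayloadMask  = 0x0000FFFFFFFFFFFFULL;
constexpr uint64_t kCanonicalNaN = 0x7FF8000000000000ULL;  // positive quiet NaN, zero payload

struct Value { uint64_t bits; };

static uint64_t doubleToBits(double d) { uint64_t b; std::memcpy(&b, &d, sizeof b); return b; }
static double   bitsToDouble(uint64_t b) { double d; std::memcpy(&d, &b, sizeof d); return d; }

static Value    boxPointer(uint64_t p) { return Value{kPointerTag | (p & kPayloadMask)}; }
static bool     isPointer(Value v)     { return (v.bits & kTagMask) == kPointerTag; }
static uint64_t unboxPointer(Value v)  { return v.bits & kPayloadMask; }
static double   unboxDouble(Value v)   { return bitsToDouble(v.bits); }

// Unsafe: stores whatever bit pattern the double carries. If the parser accepts
// non-standard NaN spellings such as "-nan(0x1234)", the sign and payload bits
// are attacker-chosen and the stored value decodes as a pointer.
static Value boxDoubleUnchecked(double d) { return Value{doubleToBits(d)}; }

// Safe: fold every NaN to the single canonical pattern before boxing, so no
// double can land in the tagged range.
static Value boxDouble(double d) {
    if (std::isnan(d)) return Value{kCanonicalNaN};
    return Value{doubleToBits(d)};
}

int main() {
    // Constructed input: the bits a permissive dtoa would produce for "-nan(0x1234)".
    const uint64_t hostileNaN = 0xFFF8000000001234ULL;
    double parsed = bitsToDouble(hostileNaN);

    Value bad  = boxDoubleUnchecked(parsed);
    Value good = boxDouble(parsed);
    std::printf("unchecked: isPointer=%d pointer=0x%llx\n", isPointer(bad),
                (unsigned long long)unboxPointer(bad));    // a forged object reference
    std::printf("canonical: isPointer=%d isnan=%d\n", isPointer(good),
                std::isnan(unboxDouble(good)));            // still a NaN, no longer a pointer
    return 0;
}
```

The same canonicalization belongs at every boundary where a double enters the value representation, which is why the entry fixes both the parser path and the public JSValueMakeNumber entry point.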
13263 2010-08-10 David Kilzer <ddkilzer@apple.com>
13265 <rdar://problem/8210895> Change MACOSX_DEPLOYMENT_TARGET from 10.5 to 10.6
13267 Reviewed by David Carson.
13269 * Configurations/DebugRelease.xcconfig: Changed
13270 MACOSX_DEPLOYMENT_TARGET from "10.5" to "10.6" for iphoneos and
13271 iphonesimulator platforms.
13273 2010-08-09 David Kilzer <ddkilzer@apple.com>
13275 <rdar://problem/7902157> Enable web sockets once the spec has stabilized
13277 Reviewed by David Carson.
13279 * Configurations/FeatureDefines.xcconfig: Updated to enable
13280 web sockets for iOS WebKit.
13282 2010-08-07 Dan Bernstein <mitz@apple.com>
13284 <rdar://problem/8285101> Merge Open Source changes needed for color bitmap font support
13286 Merged TOT WebKit r64915.
13288 2010-08-07 Dan Bernstein <mitz@apple.com>
13290 Reviewed by Anders Carlsson.
13292 Created a separate SimpleFontData constructor exclusively for SVG fonts and moved the CTFontRef
13293 from SimpleFontData to FontPlatformData.
13294 https://bugs.webkit.org/show_bug.cgi?id=43674
13296 * wtf/Platform.h: Moved definitions of WTF_USE_CORE_TEXT and WTF_USE_ATSUI here from WebCore/config.h.
13298 2010-08-07 David Kilzer <ddkilzer@apple.com>
13300 <rdar://problem/8279408> Move some member variables around to reduce class sizes. (38961)
13302 Merged ToT WebKit r59197-r59198.
13304 2010-05-11 Anders Carlsson <andersca@apple.com>
13306 Reviewed by Sam Weinig.
13308 Add a compile time assert that sizeof(String) == sizeof(AtomicString).
13310 * wtf/text/AtomicString.cpp:
13312 2010-05-11 Anders Carlsson <andersca@apple.com>
13314 Reviewed by Mark Rowe.
13316 https://bugs.webkit.org/show_bug.cgi?id=38961
13317 Move some member variables around to reduce class sizes.
13319 Make AtomicString no longer inherit from FastAllocBase.
13321 Since AtomicString's first (and only) member variable, a RefPtr, also inherits from FastAllocBase this
13322 was causing the size of AtomicString to contain sizeof(void*) bytes of padding.
13324 * wtf/text/AtomicString.h:
13326 2010-08-07 David Kilzer <ddkilzer@apple.com>
13328 <rdar://problem/8282609> Enable sandboxed iframes
13330 Reviewed by David Carson.
13332 * Configurations/FeatureDefines.xcconfig: Updated to enable
13333 sandboxed iframes for iOS WebKit.
13335 2010-08-05 David Kilzer <ddkilzer@apple.com>
13337 <rdar://problem/8275644> REGRESSION (Havoc merge I): Assertion failure in JSC::Heap::registerThread() when running regression tests
13339 Reviewed by Pratik Solanki.
13341 * runtime/Collector.cpp:
13342 (JSC::Heap::registerThread): Removed ASSERT() hack added during
13343 <rdar://problem/7781582> in r242248.
13345 2010-08-05 David Kilzer <ddkilzer@apple.com>
13347 <rdar://problem/6645438> Merge Soil.xcconfig into Base.xcconfig
13349 Reviewed by David Carson.
13351 The BUILD_TYPE definitions don't need to be in a separate
13352 xcconfig file, so move them into Base.xcconfig.
13354 * Configurations/Base.xcconfig: Added BUILD_TYPE definitions
13355 from Soil.xcconfig.
13356 * Configurations/Soil.xcconfig: Removed.
13357 * JavaScriptCore.xcodeproj/project.pbxproj: Removed references
13360 2010-08-04 David Kilzer <ddkilzer@apple.com>
13362 Part 2 of 2: <rdar://problem/7781582> Merge WebKit with Safari Havoc Final/Safari Gemini
13364 Merged ToT WebKit r58930-r63936 from Safari Havoc and Gemini
13365 branches to iOS WebKit.
13367 870 files changed, 65193 insertions(+), 36489 deletions(-)
13369 2010-08-02 David Kilzer <ddkilzer@apple.com>
13371 Part 1 of 2: <rdar://problem/7781582> Merge WebKit with Safari Havoc Final/Safari Gemini
13373 Merged ToT WebKit r54085-r58928 to iOS WebKit.
13375 The second part will merge commits on the Havoc and Gemini branches.
13377 45864 files changed, 1788569 insertions(+), 269116 deletions(-)
13379 2010-07-30 Joseph Pecoraro <joepeck@webkit.org>
13381 Reviewed by Yongjun Zhang.
13383 <rdar://problem/8256224> Web Inspector: Turn on ENABLE_INSPECTOR by Default
13385 * wtf/Platform.h: enable ENABLE_INSPECTOR for PLATFORM(IPHONE)
13387 2010-07-29 Gavin Barraclough <barraclough@apple.com>
13389 Reviewed by NOBODY (OOPS!).
13391 Patch originally by David Goodwin.
13393 This change is functionally the same as:
13394 https://bugs.webkit.org/show_bug.cgi?id=43162
13395 (but very different, since code has moved around since then).
13397 Add support for MADV_FREE to ExecutableAllocatorFixedVMPool, so that
13398 unused memory pages in the JIT buffers can be returned to the system.
13400 * jit/ExecutableAllocatorFixedVMPool.cpp:
13401 (JSC::FixedVMPoolAllocator::release):
13402 (JSC::FixedVMPoolAllocator::reuse):
13404 2010-07-26 David Kilzer <ddkilzer@apple.com>
13406 <rdar://problem/7937509> JavaScriptCore-564 fails to build in Damnation
13408 Reviewed by David Carson.
13410 The iPhone Simulator in Durango and Telluride now apparently
13411 uses Barolo headers, so it needs to initialize the additional
13412 fields in the malloc_introspection_t struct.
13414 This rolls out iOS WebKit r235486.
13416 * wtf/FastMalloc.cpp:
13417 (jscore_fastmalloc_introspection): Include additional fields
13418 when compiling for the iPhone Simulator on Durango and newer.
13420 2010-07-23 Greg Bolsinga <bolsinga@apple.com>
13422 Reviewed by David Kilzer.
13424 <rdar://problem/6845619> Reset CoreLocation Warnings will not reset Geolocation warnings
13426 * wtf/Platform.h: Turn on ENABLE_GEOLOCATION_PERMISSION_CACHE.
13428 2010-07-21 Gavin Barraclough <barraclough@apple.com>
13430 Enable the JIT for Jasper.
13432 *** This change will not work on Jasper pre-8C55 - please update! ***
13434 Roll in patches r55834, r56000, r57608, r59037, r62306, r62419, r62437,
13435 r62612, r62799, r63023, r63056, r63336, r63341, and r63404 from open source.
13437 Change mmap in FixedVMPoolAllocator to pass MAP_JIT, and check the result for MAP_FAILED (fixes a bug in ToT).
13439 Makes the following changes to Platform.h:
13440 * Enable JIT for Jasper on ARMv7 (interpret only on future build trains until they pick up kernel changes,
13442 * Enable ENABLE_EXECUTABLE_ALLOCATOR_FIXED (the JIT uses a single allocation).
13443 * Disable ENABLE_ASSEMBLER_WX_EXCLUSIVE (the JIT now uses RWX memory).
13445 Once future kernel changes have been made, if mmap with MAP_JIT returns MAP_FAILED (where the
13446 appropriate entitlement is not available) then JSC should gracefully fall back to the interpreter.
13448 * assembler/ARMv7Assembler.h:
13449 (JSC::ARMRegisters::):
13450 (JSC::ARMRegisters::asSingle):
13451 (JSC::ARMRegisters::asDouble):
13452 (JSC::VFPImmediate::VFPImmediate):
13453 (JSC::VFPImmediate::isValid):
13454 (JSC::VFPImmediate::value):
13455 (JSC::ARMv7Assembler::singleRegisterMask):
13456 (JSC::ARMv7Assembler::doubleRegisterMask):
13457 (JSC::ARMv7Assembler::):
13458 (JSC::ARMv7Assembler::add_S):
13459 (JSC::ARMv7Assembler::ldrb):
13460 (JSC::ARMv7Assembler::neg):
13461 (JSC::ARMv7Assembler::orr_S):
13462 (JSC::ARMv7Assembler::sub):
13463 (JSC::ARMv7Assembler::sub_S):
13464 (JSC::ARMv7Assembler::vadd_F64):
13465 (JSC::ARMv7Assembler::vcmp_F64):
13466 (JSC::ARMv7Assembler::vcvt_F64_S32):
13467 (JSC::ARMv7Assembler::vcvtr_S32_F64):
13468 (JSC::ARMv7Assembler::vdiv_F64):
13469 (JSC::ARMv7Assembler::vldr):
13470 (JSC::ARMv7Assembler::vmov_F64_0):
13471 (JSC::ARMv7Assembler::vmov):
13472 (JSC::ARMv7Assembler::vmrs):
13473 (JSC::ARMv7Assembler::vmul_F64):
13474 (JSC::ARMv7Assembler::vstr):
13475 (JSC::ARMv7Assembler::vsub_F64):
13476 (JSC::ARMv7Assembler::repatchLoadPtrToLEA):
13477 (JSC::ARMv7Assembler::VFPOperand::VFPOperand):
13478 (JSC::ARMv7Assembler::VFPOperand::bits1):
13479 (JSC::ARMv7Assembler::VFPOperand::bits4):
13480 (JSC::ARMv7Assembler::vcvtOp):
13481 (JSC::ARMv7Assembler::linkJumpAbsolute):
13482 (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
13483 (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
13484 * assembler/AbstractMacroAssembler.h:
13485 (JSC::AbstractMacroAssembler::ImmPtr::ImmPtr):
13486 * assembler/MacroAssemblerARM.h:
13487 * assembler/MacroAssemblerARMv7.h:
13488 (JSC::MacroAssemblerARMv7::fpTempRegisterAsSingle):
13489 (JSC::MacroAssemblerARMv7::neg32):
13490 (JSC::MacroAssemblerARMv7::load8):
13491 (JSC::MacroAssemblerARMv7::loadDouble):
13492 (JSC::MacroAssemblerARMv7::divDouble):
13493 (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
13494 (JSC::MacroAssemblerARMv7::branchDouble):
13495 (JSC::MacroAssemblerARMv7::branchConvertDoubleToInt32):
13496 (JSC::MacroAssemblerARMv7::zeroDouble):
13497 (JSC::MacroAssemblerARMv7::branch8):
13498 (JSC::MacroAssemblerARMv7::branchTest8):
13499 (JSC::MacroAssemblerARMv7::branchOr32):
13500 (JSC::MacroAssemblerARMv7::set32):
13501 (JSC::MacroAssemblerARMv7::set8):
13502 (JSC::MacroAssemblerARMv7::setTest8):
13503 * assembler/MacroAssemblerX86Common.h:
13504 * bytecode/CodeBlock.cpp:
13505 (JSC::CodeBlock::~CodeBlock):
13506 (JSC::CodeBlock::shrinkToFit):
13507 * bytecode/CodeBlock.h:
13508 (JSC::CodeBlock::bytecodeOffset):
13509 * bytecode/Instruction.h:
13510 (JSC::Instruction::Instruction):
13511 * bytecode/Opcode.h:
13512 * interpreter/CallFrame.h:
13513 (JSC::ExecState::returnPC):
13514 (JSC::ExecState::returnVPC):
13515 * interpreter/Interpreter.cpp:
13516 (JSC::bytecodeOffsetForPC):
13517 (JSC::Interpreter::Interpreter):
13518 (JSC::Interpreter::isOpcode):
13519 (JSC::Interpreter::unwindCallFrame):
13520 (JSC::Interpreter::throwException):
13521 (JSC::Interpreter::execute):
13522 (JSC::Interpreter::prepareForRepeatCall):
13523 (JSC::Interpreter::privateExecute):
13524 (JSC::Interpreter::retrieveLastCaller):
13525 * interpreter/Interpreter.h:
13526 (JSC::Interpreter::getOpcode):
13527 (JSC::Interpreter::getOpcodeID):
13528 * jit/ExecutableAllocator.cpp:
13529 (JSC::ExecutableAllocator::reprotectRegion):
13530 (JSC::ExecutableAllocator::cacheFlush):
13531 * jit/ExecutableAllocator.h:
13532 (JSC::ExecutableAllocator::ExecutableAllocator):
13533 (JSC::ExecutableAllocator::poolForSize):
13534 * jit/ExecutableAllocatorFixedVMPool.cpp:
13535 (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
13536 (JSC::FixedVMPoolAllocator::alloc):
13537 (JSC::FixedVMPoolAllocator::free):
13538 (JSC::FixedVMPoolAllocator::isValid):
13539 (JSC::ExecutableAllocator::isValid):
13540 (JSC::ExecutablePool::systemAlloc):
13541 (JSC::ExecutablePool::systemRelease):
13542 * jit/ExecutableAllocatorPosix.cpp:
13543 (JSC::ExecutableAllocator::isValid):
13544 * jit/ExecutableAllocatorSymbian.cpp:
13545 * jit/ExecutableAllocatorWin.cpp:
13546 (JSC::ExecutableAllocator::isValid):
13548 (JSC::JIT::linkCall):
13550 (JSC::JIT::compileCTIMachineTrampolines):
13552 (JSC::JIT::compileOpCallVarargs):
13553 (JSC::JIT::compileOpCallSlowCase):
13554 * jit/JITOpcodes.cpp:
13555 * jit/JITPropertyAccess.cpp:
13556 (JSC::JIT::privateCompilePutByIdTransition):
13557 * jit/JITStubs.cpp:
13558 (JSC::JITThunks::JITThunks):
13559 (JSC::JITThunks::tryCacheGetByID):
13560 * runtime/ArrayPrototype.cpp:
13561 (JSC::isNumericCompareFunction):
13562 * runtime/Executable.cpp:
13563 (JSC::EvalExecutable::generateJITCode):
13564 (JSC::ProgramExecutable::generateJITCode):
13565 (JSC::FunctionExecutable::generateJITCode):
13566 (JSC::FunctionExecutable::reparseExceptionInfo):
13567 (JSC::EvalExecutable::reparseExceptionInfo):
13568 * runtime/Executable.h:
13569 (JSC::NativeExecutable::NativeExecutable):
13570 * runtime/JSGlobalData.cpp:
13571 (JSC::JSGlobalData::JSGlobalData):
13572 * runtime/JSGlobalData.h:
13573 (JSC::JSGlobalData::canUseJIT):
13575 * yarr/RegexCompiler.cpp:
13576 (JSC::Yarr::RegexPatternConstructor::atomBackReference):
13577 (JSC::Yarr::RegexPatternConstructor::quantifyAtom):
13578 * yarr/RegexJIT.cpp:
13579 (JSC::Yarr::RegexGenerator::generateTerm):
13580 (JSC::Yarr::RegexGenerator::RegexGenerator):
13581 (JSC::Yarr::jitCompileRegex):
13583 (JSC::Yarr::RegexCodeBlock::operator!):
13584 * yarr/RegexPattern.h:
13585 (JSC::Yarr::RegexPattern::RegexPattern):
13586 (JSC::Yarr::RegexPattern::reset):
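Added example, not JavaScriptCore code, covering the two allocator points made in this entry and in the MADV_FREE entry dated 2010-07-29 above: reserving one RWX region for generated code with mmap(), treating MAP_FAILED as "no JIT, use the interpreter" instead of as an address, and handing unused pages back with madvise() while keeping the address range reserved. MAP_JIT exists only on Apple platforms and is included only where the header defines it; the pool size, the page-release policy and the selfCheck routine are assumptions for the illustration.

```cpp
// Added example (not JavaScriptCore code): JIT pool reservation with a
// graceful fallback on MAP_FAILED, and page release via madvise().
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstdio>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

enum class ExecMode { Interpreter, JIT };

struct JitPool {
    void*  base;   // nullptr when no region could be reserved
    size_t size;
};

// One RWX region for all generated code. Returns an empty pool if the kernel
// refuses (missing MAP_JIT entitlement, W^X policy, address-space limit, ...).
static JitPool reserveJitPool(size_t size) {
    int flags = MAP_PRIVATE | MAP_ANONYMOUS;
#ifdef MAP_JIT
    flags |= MAP_JIT;          // Apple-only flag; needs an entitlement on iOS
#endif
    void* p = mmap(nullptr, size, PROT_READ | PROT_WRITE | PROT_EXEC, flags, -1, 0);
    if (p == MAP_FAILED)       // never test against nullptr: MAP_FAILED is (void*)-1
        return JitPool{nullptr, 0};
    return JitPool{p, size};
}

static ExecMode chooseExecMode(const JitPool& pool) {
    return pool.base ? ExecMode::JIT : ExecMode::Interpreter;
}

// Return the physical pages of an unused, page-aligned sub-range to the system
// while keeping the address range reserved. MADV_FREE lets the kernel reclaim
// lazily; MADV_DONTNEED is the portable fallback (pages read back as zero).
static int releaseUnusedPages(void* start, size_t len) {
#ifdef MADV_FREE
    if (madvise(start, len, MADV_FREE) == 0) return 0;
#endif
    return madvise(start, len, MADV_DONTNEED);
}

// Exercise the whole path once; true if every step behaved consistently.
// A refused mapping is a valid outcome: it just means the interpreter.
static bool selfCheck() {
    size_t page = static_cast<size_t>(sysconf(_SC_PAGESIZE));
    JitPool pool = reserveJitPool(page * 16);
    if (chooseExecMode(pool) == ExecMode::Interpreter)
        return pool.base == nullptr;
    unsigned char* code = static_cast<unsigned char*>(pool.base);
    code[0] = 0xC3;                                   // write through the mapping (just a byte here)
    bool released = releaseUnusedPages(code + page, page) == 0;
    bool unmapped = munmap(pool.base, pool.size) == 0;
    return released && unmapped;
}

int main() {
    JitPool pool = reserveJitPool(1u << 20);
    std::printf("execution mode: %s\n",
                chooseExecMode(pool) == ExecMode::JIT ? "JIT" : "interpreter");
    if (pool.base) munmap(pool.base, pool.size);
    return selfCheck() ? 0 : 1;
}
```

The MAP_FAILED comparison is the bug the entry notes was fixed in ToT: (void*)-1 is a non-null pointer, so a nullptr check lets the engine carve code out of an address that was never mapped.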
13588 2010-07-14 David Kilzer <ddkilzer@apple.com>
13590 Remove duplicate #include statement from ProfilerServer.mm
13592 Rubber-stamped by Greg Bolsinga.
13594 * profiler/ProfilerServer.mm: Removed duplicate include.
13596 2010-07-14 Greg Bolsinga <bolsinga@apple.com>
13598 Let Xcode 3.2.4 update the project file.
13600 Reviewed by Paul Knight.
13602 * JavaScriptCore.xcodeproj/project.pbxproj:
13604 2010-07-05 David Kilzer <ddkilzer@apple.com>
13606 Part 2: <rdar://problem/8144692> iOS: Overflow in JSArray::copyToRegisters (41351)
13608 Merged ToT WebKit r62456, r62464.
13610 2010-07-04 Mark Rowe <mrowe@apple.com>
13612 Build fix after r62456.
13614 * interpreter/Interpreter.cpp:
13615 (JSC::Interpreter::privateExecute): Be slightly more consistent in using uint32_t to prevent
13616 warnings about comparisons between signed and unsigned types, and attempts to call an overload
13617 of std::min that doesn't exist.
13619 2010-07-03 Yong Li <yoli@rim.com>
13621 Reviewed by Darin Adler.
13623 Make Arguments::MaxArguments clamping work for numbers >= 0x80000000 in
13624 the interpreter as well as the JIT.
13626 https://bugs.webkit.org/show_bug.cgi?id=41351
13627 rdar://problem/8142141
13629 * interpreter/Interpreter.cpp:
13630 (JSC::Interpreter::privateExecute): Fix signed integer overflow problem
13631 in op_load_varargs handling. 0xFFFFFFFF was read as -1.
13633 2010-07-03 David Kilzer <ddkilzer@apple.com>
13635 <rdar://problem/8144692> iOS: Overflow in JSArray::copyToRegisters (41351)
13637 Merged ToT WebKit r62432.
13639 2010-07-02 Oliver Hunt <oliver@apple.com>
13641 Reviewed by Gavin Barraclough.
13643 Clamp the number of arguments supported by function.apply
13644 https://bugs.webkit.org/show_bug.cgi?id=41351
13645 <rdar://problem/8142141>
13647 Add clamping logic to function.apply similar to that
13648 enforced by firefox. We have a smaller clamp than
13649 firefox as our calling convention means that stack
13650 usage is proportional to argument count -- the firefox
13651 limit is larger than you could actually call.
13653 * interpreter/Interpreter.cpp:
13654 (JSC::Interpreter::privateExecute):
13655 * jit/JITStubs.cpp:
13656 (JSC::DEFINE_STUB_FUNCTION):
13657 * runtime/Arguments.h:
13658 (JSC::Arguments::):
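Added example, not JavaScriptCore code, covering both this entry and the follow-up dated 2010-07-03 (Yong Li) above: the argument-count clamp that function.apply / op_load_varargs needs, first in the signed form that silently fails for lengths at or above 0x80000000 (0xFFFFFFFF reads as -1), then in the unsigned form, and a model of why the clamp has to run before the stack is grown. The clamp value kMaxArguments and the 8-byte register slot are assumptions for the illustration.

```cpp
// Added example (not JavaScriptCore code): clamping the argument count of a
// varargs call, showing the signed-comparison bug and the unsigned fix.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>

constexpr uint32_t kMaxArguments = 0x10000;   // assumed clamp value
constexpr size_t   kSlotBytes    = 8;         // assumed: one 64-bit register per argument

// Buggy: the array-like "length" is unsigned but is compared as a signed int.
// 0xFFFFFFFF becomes -1 and 0x80000000 becomes INT32_MIN; both compare below
// the limit, so nothing is clamped, and the value is later widened to a huge
// size_t when the callee's register file is sized.
static int32_t clampArgumentCountSigned(uint32_t length) {
    int32_t n = static_cast<int32_t>(length);
    if (n > static_cast<int32_t>(kMaxArguments))
        n = static_cast<int32_t>(kMaxArguments);
    return n;
}

// Fixed: stay unsigned throughout, so every length at or above the limit is clamped.
static uint32_t clampArgumentCount(uint32_t length) {
    return std::min(length, kMaxArguments);
}

struct VarargsPlan {
    uint32_t argCount;    // arguments that will actually be copied
    size_t   stackBytes;  // register-file growth needed for them
    bool     accepted;    // false if the call must fail instead of growing the stack
};

// Models the load_varargs step: stack usage is proportional to the argument
// count in this calling convention, so the clamp must happen before the
// stack is grown, and the grown size must still be checked against what is free.
static VarargsPlan planVarargs(uint32_t length, size_t stackBytesAvailable) {
    uint32_t argCount = clampArgumentCount(length);
    size_t bytes = static_cast<size_t>(argCount) * kSlotBytes;
    return VarargsPlan{argCount, bytes, bytes <= stackBytesAvailable};
}

int main() {
    std::printf("signed clamp of 0xFFFFFFFF   -> %d\n", clampArgumentCountSigned(0xFFFFFFFFu));
    std::printf("unsigned clamp of 0xFFFFFFFF -> %u\n", clampArgumentCount(0xFFFFFFFFu));
    VarargsPlan p = planVarargs(0xFFFFFFFFu, 1u << 20);
    std::printf("args=%u bytes=%zu accepted=%d\n", p.argCount, p.stackBytes, p.accepted);
    return 0;
}
```

The interpreter and JIT stub paths must apply the same clamp, which is why the fix touched op_load_varargs handling in both Interpreter.cpp and JITStubs.cpp.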
13660 2010-07-02 David Kilzer <ddkilzer@apple.com>
13662 Use snprintf instead of sprintf everywhere in JavaScriptCore
13664 Merged ToT WebKit r62414.
13666 2010-07-02 Sam Weinig <sam@webkit.org>
13668 Reviewed by Geoffrey Garen.
13670 Patch for https://bugs.webkit.org/show_bug.cgi?id=41548
13671 Use snprintf instead of sprintf everywhere in JavaScriptCore
13673 * runtime/JSGlobalObjectFunctions.cpp:
13675 (JSC::globalFuncEscape):
13676 * runtime/UString.cpp:
13677 (JSC::UString::from):
13679 2010-07-01 Gavin Barraclough <barraclough@apple.com>
13681 Reviewed by David Carson.
13683 Switch ASSERTs to ASSERT_UNUSEDs to allow JIT to build Deployment on iPhone.
13685 * assembler/MacroAssemblerARMv7.h:
13686 (JSC::MacroAssemblerARMv7::branchMul32):
13688 2010-07-01 David Kilzer <ddkilzer@apple.com>
13690 <rdar://problem/8058479> Damnation8Z5059: JavaScriptCore_Sim-579 fails to build
13692 Reviewed by Cameron Zwarich.
13694 The iPhone Simulator in Durango and Telluride still uses
13695 pre-Barolo headers, so it doesn't need to initialize the
13696 additional fields in the malloc_introspection_t struct.
13698 * wtf/FastMalloc.cpp:
13699 (jscore_fastmalloc_introspection): Don't include the additional
13700 fields when compiling for the iPhone Simulator on Durango and
13703 2010-06-29 David Kilzer <ddkilzer@apple.com>
13705 <rdar://problem/8122363> iPhone: Safari 5 crashes due to incorrect handling of BOMs in JSC
13707 Merged ToT WebKit r61450.
13709 2010-06-18 Oliver Hunt <oliver@apple.com>
13711 Reviewed by Geoffrey Garen.
13713 Incorrect handling of multiple BOMs scattered through a file.
13714 https://bugs.webkit.org/show_bug.cgi?id=40865
13716 When determining the offset of open and close braces in a source
13717 with BOMs we were finishing our count early as we failed to account
13718 for BOMs prior to the open/close brace positions affecting those
13721 * parser/Lexer.cpp:
13722 (JSC::Lexer::sourceCode):
13724 2010-05-20 David Kilzer <ddkilzer@apple.com>
13726 <rdar://problem/8010351> Enable JavaScriptCore dtrace probes for iPhone Simulator
13728 Reviewed by Greg Bolsinga.
13730 * Configurations/Base.xcconfig: Enable dtrace probes for the
13733 2010-05-17 David Kilzer <ddkilzer@apple.com>
13735 <rdar://problem/7937509> JavaScriptCore-564 fails to build in Damnation
13737 Merged ToT WebKit r57457.
13739 2010-04-11 Mark Rowe <mrowe@apple.com>
13741 Reviewed by Sam Weinig.
13743 <rdar://problem/7851332> Fix the build.
13745 * wtf/FastMalloc.cpp:
13746 (WTF::TCMallocStats::): Initialize extra members of malloc_introspection_t to zero.
13748 2010-05-13 Yongjun Zhang <yongjun_zhang@apple.com>
13750 <rdar://problem/7977658> MobileSafari has 2 MB of VM_TAG_FOR_COLLECTOR_MEMORY resident in the background
13752 Merge ToT WebKit r54428, r54574, r54696, r54701
13754 2010-02-09 Geoffrey Garen <ggaren@apple.com>
13756 Reviewed by Oliver Hunt.
13758 Small refactoring to the small strings cache to allow it to be cleared
13761 * runtime/SmallStrings.cpp:
13762 (JSC::SmallStrings::SmallStrings):
13763 (JSC::SmallStrings::clear):
13764 * runtime/SmallStrings.h: Moved initialization code into a shared function,
13765 and changed the constructor to call it.
13767 2010-02-11 Geoffrey Garen <ggaren@apple.com>
13769 Reviewed by Oliver Hunt and Darin Adler.
13771 The rest of the fix for
13772 https://bugs.webkit.org/show_bug.cgi?id=34864 | <rdar://problem/7594198>
13773 Many objects left uncollected after visiting mail.google.com and closing
13776 Don't unconditionally hang onto small strings. Instead, hang onto all
13777 small strings as long as any small string is still referenced.
13779 SunSpider reports no change.
13781 * runtime/Collector.cpp:
13782 (JSC::Heap::markRoots): Mark the small strings cache last, so it can
13783 check if anything else has kept any strings alive.
13785 * runtime/SmallStrings.cpp:
13787 (JSC::SmallStrings::markChildren): Only keep our strings alive if some
13788 other reference to at least one of them exists, too.
13790 2010-02-04 Geoffrey Garen <ggaren@apple.com>
13792 Reviewed by Gavin Barraclough.
13794 Some progress toward fixing
13795 Reviewed by Oliver Hunt.
13797 Clearing a WeakGCPtr is weird
13798 https://bugs.webkit.org/show_bug.cgi?id=34627
13800 Added a WeakGCPtr::clear interface.
13802 As discussed in https://bugs.webkit.org/show_bug.cgi?id=33383, the old
13803 interface made it pretty weird for a client to conditionally clear a
13804 WeakGCPtr, which is exactly what clients want to do when objects are
13807 * API/JSClassRef.cpp:
13808 (clearReferenceToPrototype): Use the new WeakGCPtr::clear() interface.
13810 * runtime/WeakGCPtr.h:
13811 (JSC::WeakGCPtr::clear): Added an interface for clearing a WeakGCPtr,
13812 iff its current value is the value passed in. It's cumbersome for the
13813 client to do this test, since WeakGCPtr sometimes pretends to be null.
13815 2010-02-11 Geoffrey Garen <ggaren@apple.com>
13817 Reviewed by Gavin Barraclough.
13819 https://bugs.webkit.org/show_bug.cgi?id=34864 | <rdar://problem/7594198>
13820 Many objects left uncollected after visiting mail.google.com and closing
13823 SunSpider reports no change.
13825 Keep weak references, rather than protected references, to cached for-in
13826 property name enumerators.
13828 One problem with protected references is that a chain like
13829 [ gc object 1 ] => [ non-gc object ] => [ gc object 2 ]
13830 takes two GC passes to break, since the first pass collects [ gc object 1 ],
13831 releasing [ non-gc object ] and unprotecting [ gc object 2 ], and only
13832 then can a second pass collect [ gc object 2 ].
13834 Another problem with protected references is that they can keep a bunch
13835 of strings alive long after they're useful. In SunSpider and a few popular
13836 websites, the size-speed tradeoff seems to favor weak references.
13838 * runtime/JSPropertyNameIterator.cpp:
13839 (JSC::JSPropertyNameIterator::JSPropertyNameIterator): Moved this constructor
13840 into the .cpp file, since it's not used elsewhere.
13842 (JSC::JSPropertyNameIterator::~JSPropertyNameIterator): Added a destructor
13843 to support our weak reference.
13845 * runtime/JSPropertyNameIterator.h:
13846 (JSC::Structure::setEnumerationCache):
13847 (JSC::Structure::clearEnumerationCache):
13848 (JSC::Structure::enumerationCache): Added a function for clearing a
13849 Structure's enumeration cache, used by our new destructor. Also fixed
13850 indentation to match the rest of the file.
13852 * runtime/Structure.h: Changed from protected pointer to weak pointer.
13854 2010-05-04 Yongjun Zhang <yongjun_zhang@apple.com>
13856 <rdar://problem/7928746> WebKit crashes at DebuggerCallFrame::functionName() if m_callFrame is the top global callframe.
13858 Merged ToT WebKit r58779
13860 2010-05-04 Yongjun Zhang <yongjun_zhang@apple.com>
13862 Reviewed by Darin Adler.
13864 WebKit crashes at DebuggerCallFrame::functionName() if m_callFrame is the top global callframe.
13865 https://bugs.webkit.org/show_bug.cgi?id=38535
13867 Don't call asFunction if callee is not a FunctionType to prevent assertion failure
13868 in JSCell::isObject().
13870 * debugger/DebuggerCallFrame.cpp:
13871 (JSC::DebuggerCallFrame::functionName):
13872 (JSC::DebuggerCallFrame::calculatedFunctionName):
13874 2010-04-24 Greg Bolsinga <bolsinga@apple.com>
13876 Reviewed by Paul Knight.
13878 <rdar://problem/7542676> iPhone WebKit should not have ENABLE(DATALIST) defined
13880 * Configurations/FeatureDefines.xcconfig: Turn off DATALIST for iPhone.
13882 2010-04-23 David Kilzer <ddkilzer@apple.com>
13884 <rdar://problem/7901486> Disable WebSockets since the standard is still in flux
13886 Reviewed by Paul Knight.
13888 * Configurations/FeatureDefines.xcconfig: Disabled web sockets
13889 for iPhone OS and iPhone Simulator builds.
13891 2010-04-18 Dan Bernstein <mitz@apple.com>
13893 Reviewed by Dave Kilzer.
13895 JavaScriptCore part of <rdar://problem/7877559> Use Developer directory-relative #includes in .xcconfig files
13896 Changed absolute #include paths to <DEVELOPER_DIR>-relative paths.
13898 * Configurations/Indigo.xcconfig:
13899 * Configurations/iPhone.xcconfig:
13901 2010-04-18 David Kilzer <ddkilzer@apple.com>
13903 Remove workarounds for iPhone OS 3.2 and earlier
13905 Reviewed by Greg Bolsinga.
13907 * wtf/FastMalloc.cpp:
13908 (WTF::TCMallocStats::): Removed workaround for iPhone OS 3.2.
13909 * wtf/Platform.h: Ditto.
13911 2010-04-17 David Kilzer <ddkilzer@apple.com>
13913 <rdar://problem/7876459> iPhone: REGRESSION: Crash beneath JSGlobalContextRelease when typing in Google search field with GuardMalloc/full page heap enabled
13915 Merged ToT WebKit r54785.
13917 2010-02-15 Geoffrey Garen <ggaren@apple.com>
13919 Reviewed by Oliver Hunt.
13921 Fixed <rdar://problem/7628524> Crash beneath JSGlobalContextRelease when
13922 typing in Google search field with GuardMalloc/full page heap enabled
13924 * API/JSContextRef.cpp: Don't use APIEntryShim, since that requires
13925 a JSGlobalData, which this function destroys. Do use setCurrentIdentifierTable
13926 and JSLock instead, since those are the two features of APIEntryShim we
13929 2010-04-17 David Kilzer <ddkilzer@apple.com>
13931 <rdar://problem/7548905> Change build version of WebKit from 10.5 (Leopard) to 10.6 (Snow Leopard)
13933 Reviewed by Joseph Pecoraro.
13935 This changes the WebKit version from 5532.9 to 6532.9 to signify
13936 that iPhone OS 4.0 is closer to SnowLeopard's version of WebKit
13937 than Leopard's version of WebKit.
13939 * Configurations/Version.xcconfig: Changed
13940 SYSTEM_VERSION_PREFIX_iphoneos from 5 to 6.
13942 2010-04-16 Mike Knippers <knippers@apple.com>
13944 Reviewed by David Kilzer.
13946 Updated JavaScriptCore order file for Apex.
13948 <rdar://problem/7869012> Update JavascriptCore order file for Apex
13950 * JavaScriptCore.iPhone.order:
13952 2010-04-08 Greg Bolsinga <bolsinga@apple.com>
13954 Reviewed by David Carson.
13956 <rdar://problem/7674554> Safari hangs when user replies to Hotmail email (flat frame code needs lots of help)
13958 Remove ENABLE(FRAME_FLATTENING_DEPRECATED) code so that OpenSource code can be merged in for this feature.
13962 2010-04-07 Enrica Casucci <enrica@apple.com>
13964 <rdar://problem/7702452> N90/Apex8A211: Text gets "white-out" by the insertion cursor
13966 Merged ToT WebKit r57218.
13968 2010-04-07 Enrica Casucci <enrica@apple.com>
13970 Reviewed by Darin Adler.
13972 https://bugs.webkit.org/show_bug.cgi?id=37219
13974 This change disables text caret for the iPhone platform.
13976 * wtf/Platform.h: Disabled text caret for iPhone.
13978 2010-04-07 Greg Bolsinga <bolsinga@apple.com>
13980 <rdar://problem/7822422> Event Targets are lost in a non-deterministic fashion
13982 Merged ToT WebKit r54402.
13984 2010-02-04 Geoffrey Garen <ggaren@apple.com>
13986 Build fix: export a header.
13988 * JavaScriptCore.xcodeproj/project.pbxproj:
13990 2010-04-06 Greg Bolsinga <bolsinga@apple.com>
13992 Reviewed by David Carson.
13994 <rdar://problem/6845619> Reset CoreLocation Warnings will not reset Geolocation warnings
13996 This is clean up in preparation to update to Open Source Geolocation. ENABLE_GEOLOCATION_PERMISSION_CACHE
13997 is an iPhone only concept that doesn't even work due to <rdar://problem/7835511>.
13999 * wtf/Platform.h: Add ENABLE_GEOLOCATION_PERMISSION_CACHE, which is always off.
14001 2010-04-05 Pratik Solanki <psolanki@apple.com>
14003 <rdar://problem/7830163> Enable pthread_setname_np
14005 Reviewed by Greg Bolsinga.
14007 We don't need to check for !IPHONE_SIMULATOR since the SDK requires
14008 Snow Leopard. Also, remove the check for 4.0.
14012 2010-03-31 David Kilzer <ddkilzer@apple.com>
14014 Make iPhone WebKit source build Mac OS X WebKit
14016 Reviewed by Greg Bolsinga and David Carson.
14018 Needed to test <rdar://problem/7763309> after merging.
14020 * wtf/CrossThreadRefCounted.h: Added #if PLATFORM(IPHONE)/#endif
14021 macros around iPhone-only header.
14023 2010-03-29 Joseph Pecoraro <joepeck@webkit.org>
14025 Reviewed by David Kilzer.
14027 <rdar://problem/7786502> ASSERT Crash when Using Local Storage
14029 Provide Function Pointers to be filled in by WebCore. These are the
14030 same name as WebCore's function, but prefixed with "WebCore". This
14031 introduces WebCoreWebThreadIsLockedOrDisabled.
14033 * wtf/iphone/WebCoreThread.cpp: Added. Function pointers to be filled.
14034 * wtf/iphone/WebCoreThread.h: Added. Function pointers to be filled.
14035 * wtf/CrossThreadRefCounted.h: Uses the improved function in the ASSERT
14036 (WTF::::ref): use the existing ASSERT
14037 (WTF::::deref): use the existing ASSERT
14038 (WTF::::crossThreadCopy): use the existing ASSERT
14040 Build System and other File Handling.
14042 * JavaScriptCore.exp: export the function pointers to be filled.
14043 * JavaScriptCore.xcodeproj/project.pbxproj: Added new Files.
14045 2010-03-27 David Kilzer <ddkilzer@apple.com>
14047 <rdar://problem/7748481> iPhone: TCMalloc should tag its memory, so it shows up distinctly in vmmap
14049 Merged ToT WebKit r55483.
14051 2010-03-03 Mark Rowe <mrowe@apple.com>
14053 Reviewed by Geoff Garen.
14055 Add virtual memory tags for TCMalloc and WebCore's purgeable buffers.
14057 * wtf/TCSystemAlloc.cpp:
14058 (TryMmap): Use the VM tag.
14059 * wtf/VMTags.h: Make use of VM_MEMORY_TCMALLOC and VM_MEMORY_WEBCORE_PURGEABLE_BUFFERS.
14061 2010-03-25 David Kilzer <ddkilzer@apple.com>
14063 <rdar://problem/7796325> Baker (4.1) needs to use llvm-gcc-4.2 to compile JavaScriptCore, WebCore, WKSI, WebKit
14065 Reviewed by Joseph Pecoraro.
14067 * Configurations/Base.xcconfig: Switched to use
14068 $(REAL_PLATFORM_NAME) to determine which compiler to use. For
14069 the iphoneos SDK, we always want llvm-gcc-4.2. For the
14070 iphonesimulator SDK, we just want the default compiler: gcc-4.2.
14072 2010-03-25 David Kilzer <ddkilzer@apple.com>
14074 <rdar://problem/7650521> iPhone: REGRESSION(r52116): WebCore::ImageEventSender::dispatchPendingEvents() crashes in certain conditions (34490)
14076 Merged ToT WebKit r54618, r54619.
14078 2010-02-10 Alexey Proskuryakov <ap@apple.com>
14080 Addressing issues found by style bot.
14082 * wtf/ValueCheck.h: Renamed header guard to match final file name.
14084 * wtf/Vector.h: (WTF::::checkConsistency): Remove braces around a one-line clause.
14086 2010-02-09 Alexey Proskuryakov <ap@apple.com>
14088 Reviewed by Geoffrey Garen.
14090 https://bugs.webkit.org/show_bug.cgi?id=34490
14091 WebCore::ImageEventSender::dispatchPendingEvents() crashes in certain conditions
14094 * JavaScriptCore.gypi:
14095 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
14096 * JavaScriptCore.xcodeproj/project.pbxproj:
14097 Added ValueCheck.h.
14099 * wtf/ValueCheck.h: Added. Moved code out of HashTraits, since it would be awkward to
14100 include that from Vector.h.
14101 (WTF::ValueCheck::checkConsistency): Allow null pointers, those are pretty consistent.
14103 * wtf/HashTraits.h: Moved value checking code out of here.
14105 * wtf/HashTable.h: (WTF::::checkTableConsistencyExceptSize): Updated for the above changes.
14108 (WTF::::checkConsistency): Check all vector elements.
14109 (WTF::ValueCheck): Support checking a Vector as an element in other containers. Currently
14112 2010-03-25 David Kilzer <ddkilzer@apple.com>
14114 <rdar://problem/7597676> iPhone: JSC is failing to propagate anonymous slot count on some transitions
14116 Merged ToT WebKit r54100, r54129, r54141, r54265.
14118 2010-02-02 Oliver Hunt <oliver@apple.com>
14120 Reviewed by Geoffrey Garen.
14122 Crash in CollectorBitmap::get at nbcolympics.com
14123 https://bugs.webkit.org/show_bug.cgi?id=34504
14125 This was caused by the use of m_offset to determine the offset of
14126 a new property into the property storage. This patch corrects
14127 the affected cases by incorporating the anonymous slot count. It
14128 also removes the duplicate copy of anonymous slot count from the
14129 property table as keeping this up to date merely increased the
14130 chance of a mismatch. Finally I've added a large number of
14131 assertions in an attempt to prevent such a bug from happening
14134 With the new assertions in place the existing anonymous slot tests
14135 all fail without the m_offset fixes.
14137 * runtime/PropertyMapHashTable.h:
14138 * runtime/Structure.cpp:
14139 (JSC::Structure::materializePropertyMap):
14140 (JSC::Structure::addPropertyTransitionToExistingStructure):
14141 (JSC::Structure::addPropertyTransition):
14142 (JSC::Structure::removePropertyTransition):
14143 (JSC::Structure::flattenDictionaryStructure):
14144 (JSC::Structure::addPropertyWithoutTransition):
14145 (JSC::Structure::removePropertyWithoutTransition):
14146 (JSC::Structure::copyPropertyTable):
14147 (JSC::Structure::get):
14148 (JSC::Structure::put):
14149 (JSC::Structure::remove):
14150 (JSC::Structure::insertIntoPropertyMapHashTable):
14151 (JSC::Structure::createPropertyMapHashTable):
14152 (JSC::Structure::rehashPropertyMapHashTable):
14153 (JSC::Structure::checkConsistency):
14155 2010-02-01 Oliver Hunt <oliver@apple.com>
14157 Reviewed by Gavin Barraclough.
14159 Structure not accounting for anonymous slots when computing property storage size
14160 https://bugs.webkit.org/show_bug.cgi?id=34441
14162 Previously any Structure with anonymous storage would have a property map, so we
14163 were only including anonymous slot size if there was a property map. Given this
14164 is no longer the case we should always include the anonymous slot count in the
14165 property storage size.
14167 * runtime/Structure.h:
14168 (JSC::Structure::propertyStorageSize):
14170 2010-01-31 Oliver Hunt <oliver@apple.com>
14172 Reviewed by Maciej Stachowiak.
14174 JSC is failing to propagate anonymous slot count on some transitions
14175 https://bugs.webkit.org/show_bug.cgi?id=34321
14177 Remove secondary Structure constructor, and make Structure store a copy
14178 of the number of anonymous slots directly so saving an immediate allocation
14179 of a property map for all structures with anonymous storage, which also
14180 avoids the leaked property map on new property transition in the original
14181 version of this patch.
14183 We need to propagate the anonymous slot count; otherwise we can end up
14184 with a structure recording incorrect information about the available and
14185 needed space for property storage, or alternatively incorrectly reusing
14188 * JavaScriptCore.exp:
14189 * runtime/Structure.cpp:
14190 (JSC::Structure::Structure):
14191 (JSC::Structure::materializePropertyMap):
14192 (JSC::Structure::addPropertyTransition):
14193 (JSC::Structure::changePrototypeTransition):
14194 (JSC::Structure::despecifyFunctionTransition):
14195 (JSC::Structure::getterSetterTransition):
14196 (JSC::Structure::toDictionaryTransition):
14197 (JSC::Structure::flattenDictionaryStructure):
14198 (JSC::Structure::copyPropertyTable):
14199 (JSC::Structure::put):
14200 (JSC::Structure::remove):
14201 (JSC::Structure::insertIntoPropertyMapHashTable):
14202 (JSC::Structure::createPropertyMapHashTable):
14203 * runtime/Structure.h:
14204 (JSC::Structure::create):
14205 (JSC::Structure::hasAnonymousSlots):
14206 (JSC::Structure::anonymousSlotCount):
14208 2010-01-29 Mark Rowe <mrowe@apple.com>
14210 Roll out r54073 as it introduced many thousands of leaks.
14212 * runtime/JSObject.h:
14213 (JSC::JSObject::setStructure):
14214 * runtime/Structure.cpp:
14215 (JSC::Structure::addPropertyTransition):
14216 (JSC::Structure::changePrototypeTransition):
14217 (JSC::Structure::despecifyFunctionTransition):
14218 (JSC::Structure::getterSetterTransition):
14219 (JSC::Structure::toDictionaryTransition):
14220 * runtime/Structure.h:
14221 (JSC::Structure::create):
14223 2010-03-23 David Kilzer <ddkilzer@apple.com>
14225 <rdar://problem/7771301> JavaScriptCore, WebCore, WebKit projects only built for armv7 (missing armv6)
14227 Reviewed by Greg Bolsinga.
14229 ARCHS_UNIVERSAL_IPHONE_OS isn't as universal as the name
14230 suggests, so switch to using ARCHS_STANDARD_32_BIT instead.
14232 * Configurations/Base.xcconfig: Break out VALID_ARCHS by
14233 REAL_PLATFORM_NAME. Use ARCHS_STANDARD_32_BIT for iphoneos and
14235 * Configurations/DebugRelease.xcconfig: Switched from using
14236 ARCHS_UNIVERSAL_IPHONE_OS to using ARCHS_STANDARD_32_BIT.
14237 * JavaScriptCore.xcodeproj/project.pbxproj: Changed the base
14238 configuration for jsc, minidom and testapi targets to
14239 iPhone.xcconfig for Development_Hardware and Deployment_Hardware
14240 configurations, and to Indigo.xcconfig for Development and
14241 Deployment configurations. Note that Production_Deployment and
14242 Production_Hardware configurations were already based on
14243 Indigo.xcconfig and iPhone.xcconfig, respectively.
14245 2010-03-22 David Kilzer <ddkilzer@apple.com>
14247 <rdar://problem/7559240> Disable sandboxed iframe feature after Havoc merge
14249 Merged ToT WebKit r55043.
14251 * Configurations/FeatureDefines.xcconfig: Disable ENABLE_SANDBOX
14252 by default for iPhone WebKit.
14254 2010-02-19 Maciej Stachowiak <mjs@apple.com>
14256 Reviewed by David Levin.
14258 Add an ENABLE flag for sandboxed iframes to make it possible to disable it in releases
14259 https://bugs.webkit.org/show_bug.cgi?id=35147
14261 * Configurations/FeatureDefines.xcconfig:
14263 2010-03-21 Philippe Champeaux <champeaux.p@apple.com>
14265 <rdar://problem/7616665> WebKit should switch from MobileQuickLook to QuickLook
14267 Reviewed by David Kilzer.
14269 * wtf/Platform.h: Changed "USE(MOBILE_QUICK_LOOK)" to
14272 2010-03-21 David Kilzer <ddkilzer@apple.com>
14274 Part 2 of 2: <rdar://problem/7767168> Disable Ruby support for Apex
14276 Reviewed by David Carson.
14278 * Configurations/FeatureDefines.xcconfig: Disable Ruby support
14279 on iPhone OS and iPhone Simulator builds.
14281 2010-03-21 David Kilzer <ddkilzer@apple.com>
14283 Part 1 of 2: <rdar://problem/7767168> Disable Ruby support for Apex
14285 Merge ToT WebKit r54649.
14287 2010-02-08 Maciej Stachowiak <mjs@apple.com>
14289 Reviewed by Cameron Zwarich.
14291 Restore ENABLE_RUBY flag so vendors can ship with Ruby disabled if they choose.
14292 https://bugs.webkit.org/show_bug.cgi?id=34698
14294 * Configurations/FeatureDefines.xcconfig:
14296 2010-03-17 Joseph Pecoraro <joepeck@webkit.org>
14298 Reviewed by David Carson.
14300 <rdar://problem/7756577> REGRESSION: LayoutTests/fast/css/pseudo-required-optional-005.html fails on background of input type="range"
14302 Add ENABLE(RANGETYPE_AS_TEXT), which makes an <input type=range> display
14303 as a textfield. This is the preferred fallback behavior if the range
14304 input is not supported. The range input will still correctly respond
14305 with the "range" type, and handle the "required" attribute correctly.
14309 2010-03-08 Greg Bolsinga <bolsinga@apple.com>
14311 Reviewed by Simon Fraser.
14313 Add ENABLE(FRAME_FLATTENING_DEPRECATED), which wraps the code that explodes iframes within their parents.
14315 Investigation done for <rdar://problem/7674554>, Apex only.
14319 2010-03-13 David Kilzer <ddkilzer@apple.com>
14321 <rdar://problem/7751767> WebCore has a weak export of WebCore::jsString(JSC::ExecState*, WebCore::String const&)
14323 Merged ToT WebKit r54405.
14325 2010-02-04 Mark Rowe <mrowe@apple.com>
14327 Reviewed by Timothy Hatcher.
14329 Build fix. Remove a symbol corresponding to an inline function from the linker export
14330 file to prevent a weak external failure.
14332 * JavaScriptCore.xcodeproj/project.pbxproj: Accommodate rename of script.
14334 2010-03-13 David Kilzer <ddkilzer@apple.com>
14336 <rdar://problem/7610586> Merge Safari Havoc changes from ToT WebKit (r53218-r54084)
14338 Merged ToT WebKit r53218-r54084 on trunk.
14340 2593 files changed, 102315 insertions(+), 46263 deletions(-)
14342 2010-02-05 David Kilzer <ddkilzer@apple.com>
14344 Fix definition of ENABLE_SHARED_WORKERS
14346 Rubber-stamped by Simon Fraser.
14348 * Configurations/FeatureDefines.xcconfig: Fixed
14349 ENABLE_SHARED_WORKERS definition to be a variable.
14351 2010-02-05 David Kilzer <ddkilzer@apple.com>
14353 <rdar://problem/7618590> REGRESSION: JavaScriptCore is compiling with WTF_USE_JSVALUE32 instead of WTF_USE_JSVALUE32_64
14355 Reviewed by David Carson.
14357 * wtf/Platform.h: A "CPU(ARM)" test was added for USE(JSVALUE32)
14358 which caused iPhone OS builds to define that macro instead of
14359 USE(JSVALUE32_64). The fix is to change that to
14360 "CPU(ARM) && !PLATFORM(IPHONE)" so that it evaluates to false.
14362 2010-02-03 David Kilzer <ddkilzer@apple.com>
14364 BUILD FIX: Disable YARR and YARR_JIT features for PLATFORM(IPHONE)
14366 Reviewed by build-webkit --development --hardware ARCHS="armv7".
14368 Fixes the following build error:
14370 cc1plus: warnings being treated as errors
14371 In file included from JavaScriptCore/assembler/MacroAssembler.h:34,
14372 from JavaScriptCore/bytecode/Instruction.h:32,
14373 from JavaScriptCore/bytecode/CodeBlock.h:34,
14374 from JavaScriptCore/runtime/JSActivation.h:32,
14375 from JavaScriptCore/runtime/Arguments.h:27,
14376 from JavaScriptCore/runtime/Arguments.cpp:26:
14377 JavaScriptCore/assembler/MacroAssemblerARMv7.h:874: warning: unused parameter 'cond'
14378 JavaScriptCore/assembler/MacroAssemblerARMv7.h:882: warning: unused parameter 'cond'
14380 * wtf/Platform.h: Explicitly disable the YARR and YARR_JIT
14381 features for PLATFORM(IPHONE). Previously they were being
14382 enabled for armv7 builds, which caused the ASSEMBLER feature to
14383 be enabled, which caused the build error.
14385 2010-02-03 David Kilzer <ddkilzer@apple.com>
14387 <rdar://problem/6973416> TLF: Merge with OS X WebKit (Safari Havoc)
14389 Merged ToT WebKit r45705-r53217 on trunk.
14391 12615 files changed, 743109 insertions(+), 175794 deletions(-)
14393 2010-01-28 David Kilzer <ddkilzer@apple.com>
14395 <rdar://problem/7588478> WebKit fails to build with http pipelining enabled in Apex
14397 Reviewed by Aaron Golden.
14399 The iPhone availability macros are defined in Availability.h, not
14400 AvailabilityMacros.h. Because Availability.h was not included,
14401 the net effect was that anything that tested for _IPHONE_4_0 was
14402 effectively disabled. By including Availability.h in Platform.h
14403 we ensure that these macros are defined properly everywhere.
14405 * wtf/FastMalloc.cpp: Removed unneeded #include <Availability.h>.
14406 * wtf/Platform.h: Added #include <Availability.h>.
14408 2010-01-19 Pratik Solanki <psolanki@apple.com>
14410 <rdar://problem/7534560> REGRESSION: Embedded Google Map does not show all information
14412 Merge in r53341 from WebKit open source. Also merge in part of r49734
14413 which refactors countPrototypeChainEntriesAndCheckForProxies to
14414 normalizePrototypeChain.
14416 Reviewed by David Kilzer.
14418 (JSC::Interpreter::tryCacheGetByID):
14419 * jit/JITStubs.cpp:
14420 (JSC::JITThunks::tryCacheGetByID):
14421 (JSC::DEFINE_STUB_FUNCTION):
14422 * runtime/Operations.h:
14423 (JSC::normalizePrototypeChain):
14425 2010-01-14 Geoffrey Garen <ggaren@apple.com>
14427 Reviewed by Oliver Hunt.
14429 REGRESSION: Google maps buttons not working properly
14430 https://bugs.webkit.org/show_bug.cgi?id=31871
14432 REGRESSION(r52948): JavaScript exceptions thrown on Google Maps when
14433 getting directions for a second time
14434 https://bugs.webkit.org/show_bug.cgi?id=33446
14436 SunSpider and v8 report no change.
14438 * interpreter/Interpreter.cpp:
14439 (JSC::Interpreter::tryCacheGetByID): Update our cached offset in case
14440 flattening the dictionary changed any of its offsets.
14442 * jit/JITStubs.cpp:
14443 (JSC::JITThunks::tryCacheGetByID):
14444 (JSC::DEFINE_STUB_FUNCTION):
14445 * runtime/Operations.h:
14446 (JSC::normalizePrototypeChain): ditto
14448 2010-01-19 Pratik Solanki <psolanki@apple.com>
14450 Rename countPrototypeChainEntriesAndCheckForProxies to normalizePrototypeChain.
14451 This is part of the change from r49734 in open source WebKit.
14453 This is needed to merge in the fix for <rdar://7534560>
14455 Reviewed by David Kilzer.
14457 * interpreter/Interpreter.cpp:
14458 (JSC::Interpreter::tryCacheGetByID): Updated for rename to
14459 "normalizePrototypeChain"
14460 * jit/JITStubs.cpp:
14461 (JSC::JITThunks::tryCacheGetByID): Updated for rename to
14462 "normalizePrototypeChain"
14463 (JSC::DEFINE_STUB_FUNCTION):
14464 * runtime/Operations.h:
14465 (JSC::normalizePrototypeChain): Renamed countPrototypeChainEntriesAndCheckForProxies
14466 to normalizePrototypeChain, since it changes dictionary prototypes to
14467 non-dictionary objects.
14469 2010-01-12 David Kilzer <ddkilzer@apple.com>
14471 <rdar://problem/7387208> Enable http pipelining in WebKit
14473 Reviewed by David Carson.
14475 * wtf/Platform.h: Added ENABLE(HTTP_PIPELINING) macro and
14476 enabled it for PLATFORM(IPHONE) on Apex and later.
14478 2010-01-08 David Kilzer <ddkilzer@apple.com>
14480 <rdar://problem/7519233> Assertion failure in Interpreter.cpp:1047 !baseObject->structure()->isUncacheableDictionary()
14482 Merged ToT WebKit r50704.
14484 * runtime/Structure.cpp:
14485 (JSC::Structure::flattenDictionaryStructure): Since the
14486 anonymousSlotCount changes haven't been merged, just set the
14487 value to 0. Change suggested by Geoff Garen.
14489 2009-11-09 Oliver Hunt <oliver@apple.com>
14491 Reviewed by Gavin Barraclough.
14493 Can cache prototype lookups on uncacheable dictionaries.
14494 https://bugs.webkit.org/show_bug.cgi?id=31198
14496 Replace fromDictionaryTransition with flattenDictionaryObject and
14497 flattenDictionaryStructure. This change is necessary as we need to
14498 guarantee that our attempt to convert away from a dictionary structure
14499 will definitely succeed, and in some cases this requires mutating the
14500 object storage itself.
14502 * interpreter/Interpreter.cpp:
14503 (JSC::Interpreter::tryCacheGetByID):
14504 * jit/JITStubs.cpp:
14505 (JSC::JITThunks::tryCacheGetByID):
14506 (JSC::DEFINE_STUB_FUNCTION):
14507 * runtime/BatchedTransitionOptimizer.h:
14508 (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
14509 * runtime/JSObject.h:
14510 (JSC::JSObject::flattenDictionaryObject):
14511 * runtime/Operations.h:
14512 (JSC::normalizePrototypeChain):
14513 * runtime/Structure.cpp:
14514 (JSC::Structure::flattenDictionaryStructure):
14515 (JSC::comparePropertyMapEntryIndices):
14516 * runtime/Structure.h:
14518 2009-12-25 Cameron Zwarich <zwarich@apple.com>
14520 <rdar://problem/7498357> Enable WTF_USE_JSVALUE32_64 for armv6 with llvm-gcc-4.2
14522 Reviewed by David Kilzer.
14524 * wtf/Platform.h: Now that WebKit is being compiled with LLVM to match JavaScriptCore
14525 and WebCore, reenable JSVALUE32_64 on armv6 with llvm-gcc-4.2.
14527 2009-12-24 Cameron Zwarich <zwarich@apple.com>
14529 <rdar://problem/7493635> Crashes in JavaScriptCore::Heap::unprotect() in apps using UIWebView
14531 Reviewed by David Kilzer.
14533 * wtf/Platform.h: Roll out r125950, the fix for <rdar://problem/7488182> Enable
14534 WTF_USE_JSVALUE32_64 for armv6 with llvm-gcc-4.2. It appears to be hitting a bug
14537 2009-12-20 David Kilzer <ddkilzer@apple.com>
14539 <rdar://problem/7488182> Enable WTF_USE_JSVALUE32_64 for armv6 with llvm-gcc-4.2
14541 Reviewed by Cameron Zwarich.
14543 * wtf/Platform.h: Updated to enable USE(JSVALUE32_64) when
14544 compiling with llvm-gcc-4.2 and targeting armv6 since it doesn't
14545 have this compiler bug (<rdar://problem/7478149>).
14547 2009-12-19 David Kilzer <ddkilzer@apple.com>
14549 <rdar://problem/7486926> Change Register constructors to assignment operators to work around gcc-4.2 bug
14551 Merge ToT WebKit r52343.
14553 2009-12-18 Geoffrey Garen <ggaren@apple.com>
14555 Reviewed by Cameron Zwarich and Gavin Barraclough.
14557 Changed Register constructors to assignment operators, to streamline
14558 moving values into registers. (In theory, there's no difference between
14559 the two, since the constructor should just inline away, but there seems
14560 to be a big difference in the addled mind of the GCC optimizer.)
14562 In the interpreter, this is a 3.5% SunSpider speedup and a 1K-2K
14563 reduction in stack usage per privateExecute stack frame.
14565 * interpreter/CallFrame.h:
14566 (JSC::ExecState::setCalleeArguments):
14567 (JSC::ExecState::setCallerFrame):
14568 (JSC::ExecState::setScopeChain):
14569 (JSC::ExecState::init):
14570 (JSC::ExecState::setArgumentCount):
14571 (JSC::ExecState::setCallee):
14572 (JSC::ExecState::setCodeBlock): Added a little bit of casting so these
14573 functions could use the new Register assignment operators.
14575 * interpreter/Register.h:
14576 (JSC::Register::withInt):
14577 (JSC::Register::Register):
14578 (JSC::Register::operator=): Swapped in assignment operators for constructors.
14580 2009-12-17 David Kilzer <ddkilzer@apple.com>
14582 <rdar://problem/7451823> Investigate using WTF_USE_JSVALUE32_64 on ARM
14584 Reviewed by Cameron Zwarich.
14586 Merged ToT WebKit r52231 to fix the recursion crash after
14587 enabling USE(JSVALUE32_64). Also worked around a gcc-4.2 bug
14588 on armv6 (<rdar://problem/7478149>) by using USE(JSVALUE32) when
14591 This also addresses:
14592 <rdar://problem/7469369> SunSpider times regressed from Wildcat7B279 to Wildcat 7B280a
14594 * wtf/Platform.h: Enable USE(JSVALUE32_64) for armv7. Continue
14595 using USE(JSVALUE32) for armv6 until <rdar://problem/7478149> is
14598 2009-12-16 Geoffrey Garen <ggaren@apple.com>
14600 Reviewed by Oliver Hunt.
14602 Fixed <rdar://problem/7355025> Interpreter::privateExecute macro generates
14605 This patch cuts Interpreter stack use by about a third.
14607 * bytecode/Opcode.h: Changed Opcode to const void* to work with the
14608 const static initialization we want to do in Interpreter::privateExecute.
14610 * interpreter/Interpreter.cpp:
14611 (JSC::Interpreter::Interpreter): Moved hashtable initialization here to
14612 avoid polluting Interpreter::privateExecute's stack, and changed it from a
14613 series of add() calls to one add() call in a loop, to cut down on code size.
14615 (JSC::Interpreter::privateExecute): Changed a series of label computations
14616 to a copy of a compile-time constant array to cut down on code size.
14618 2009-12-17 David Kilzer <ddkilzer@apple.com>
14620 <rdar://problem/7002948> Backout workaround for bogus -Wmissing-prototypes warnings on SnowLeopard
14622 Reviewed by Greg Bolsinga.
14624 * Configurations/Base.xcconfig: Re-enable -Wmissing-prototypes
14625 for hardware builds.
14627 2009-12-10 David Kilzer <ddkilzer@apple.com>
14629 <rdar://problem/7266331> Merge WebKit engine changes from Safari Bronco
14631 Merged ToT WebKit r46833-r50479 on the safari-4-branch to iPhone WebKit.
14633 2009-12-10 David Kilzer <ddkilzer@apple.com>
14635 Don't enable the fast malloc scavenge thread on iPhone OS
14637 * wtf/FastMalloc.cpp: Until we can measure the performance
14638 impact and/or benefits, don't enable the scavenge thread on
14641 2009-12-10 David Kilzer <ddkilzer@apple.com>
14643 <rdar://problem/7450578> CrashTracer: [USER] 3 crashes in DumpRenderTree at JavaScriptCore: JSC::stringProtoFuncReplace + 12
14645 * wtf/Platform.h: Continue using WTF_USE_JSVALUE32 for
14646 PLATFORM(IPHONE) since WTF_USE_JSVALUE32_64 causes crashes.
14648 2009-12-04 David Kilzer <ddkilzer@apple.com>
14650 <rdar://problem/7437124> Build JavaScriptCore with LLVM for Apex
14652 Reviewed by Greg Bolsinga.
14654 * Configurations/Base.xcconfig: Don't build JavaScriptCore with
14655 llvm-gcc-4.2 for the iPhone Simulator just yet.
14657 2009-12-04 David Kilzer <ddkilzer@apple.com>
14659 BUILD FIX: Make sure malloc_introspection_t is NULL-terminated for Wildcat hardware builds
14661 * wtf/FastMalloc.cpp:
14662 (jscore_fastmalloc_introspection): When defining this struct,
14663 the NULL terminator is required on Wildcat hardware, Apex
14664 hardware and Apex simulator builds, but not Wildcat simulator
14665 builds. Thus, we have to restore the __IPHONE_3_2 check that
14666 was removed in r123040 and keep the __IPHONE_4_0 check. (The
14667 Apex simulator build will continue to fail until the next Apex
14668 SDK is released with Snow Leopard's CF/Foundation integrated.)
14670 2009-12-03 David Kilzer <ddkilzer@apple.com>
14672 <rdar://problem/7437124> Build JavaScriptCore with LLVM for Apex
14674 Reviewed by Cameron Zwarich.
14676 * Configurations/Base.xcconfig: Use llvm-gcc-4.2 when building
14677 for the iPhone OS 4.0 Internal SDK and iPhone Simulator 4.0 SDK.
14679 2009-11-10 David Kilzer <ddkilzer@apple.com>
14681 Introduce ENABLE(TEXT_AUTOSIZING)
14683 Reviewed by Greg Bolsinga.
14685 * wtf/Platform.h: Defined ENABLE_TEXT_AUTOSIZING to 1 for
14686 PLATFORM(IPHONE) and 0 for all other platforms.
14688 2009-11-08 David Kilzer <ddkilzer@apple.com>
14690 <rdar://problem/7311412> iPhone: REGRESSION (r48687): Pages on ucas.com appear blank (30424)
14692 Reverted iPhone WebKit r112546, which originally fixed:
14693 <rdar://problem/7239662> iPhone: CrashTracer: [USER] 1 crash in Safari at com.apple.WebCore • WebCore::ThreadTimers::fireTimers + 135 • abort() called
14695 The eventual fix will be picked up with the merge for Safari
14700 2009-09-30 David Kilzer <ddkilzer@apple.com>
14702 <rdar://problem/7239662> iPhone: CrashTracer: [USER] 1 crash in Safari at com.apple.WebCore • WebCore::ThreadTimers::fireTimers + 135 • abort() called
14704 Merged ToT WebKit r48650.
14706 2009-09-22 Darin Adler <darin@apple.com>
14708 Reviewed by Sam Weinig.
14710 * wtf/Forward.h: Added PassOwnPtr.
14712 2009-09-28 David Kilzer <ddkilzer@apple.com>
14714 <rdar://problem/7257975> LayoutTests/fast/js/postfix-syntax.html fails on interpreter
14716 Merged ToT WebKit r45904 from <http://webkit.org/b/27294>.
14718 2009-07-15 Oliver Hunt <oliver@apple.com>
14720 Reviewed by Simon Hausmann.
14722 REGRESSION: fast/js/postfix-syntax.html fails with interpreter
14723 https://bugs.webkit.org/show_bug.cgi?id=27294
14725 When postfix operators operating on locals assign to the same local
14726 the order of operations has to be to store the incremented value, then
14727 store the unmodified number. Rather than implementing this subtle
14728 semantic in the interpreter I've just made the logic explicit in the
14729 bytecode generator, so x=x++ effectively becomes x=ToNumber(x) (for a
14732 * parser/Nodes.cpp:
14733 (JSC::emitPostIncOrDec):
14735 2009-09-28 David Kilzer <ddkilzer@apple.com>
14737 <rdar://problem/7258042> LayoutTests/fast/js/kde/arguments-scope.html fails on interpreter
14739 Merged ToT WebKit r45903 from <http://webkit.org/b/27259>.
14741 2009-07-15 Oliver Hunt <oliver@apple.com>
14743 Reviewed by Simon Hausmann.
14745 REGRESSION(43559): fast/js/kde/arguments-scope.html fails with interpreter
14746 https://bugs.webkit.org/show_bug.cgi?id=27259
14748 The interpreter was incorrectly basing its need to create the arguments object
14749 based on the presence of the callframe's argument reference rather than the local
14750 arguments reference. Based on this it then overrode the local variable reference.
14752 * interpreter/Interpreter.cpp:
14753 (JSC::Interpreter::privateExecute):
14755 2009-09-23 David Kilzer <ddkilzer@apple.com>
14757 <rdar://problem/7241653> Changes to export files not always picked up
14759 Merged ToT WebKit r48685 from <http://webkit.org/b/29660>.
14761 2009-09-23 David Kilzer <ddkilzer@apple.com>
14763 Move definition of USE(PLUGIN_HOST_PROCESS) from WebKitPrefix.h to Platform.h
14765 Reviewed by Mark Rowe.
14767 * wtf/Platform.h: Define WTF_USE_PLUGIN_HOST_PROCESS to 1 when
14768 building on 64-bit SnowLeopard. Define to 0 elsewhere.
14770 2009-09-22 David Kilzer <ddkilzer@apple.com>
14772 <rdar://problem/7241653> Changes to export files not always picked up
14774 Reviewed by Paul Knight.
14776 * JavaScriptCore.xcodeproj/project.pbxproj: Fixed order of build
14777 phase scripts to match ToT WebKit.
14779 2009-09-21 Greg Bolsinga <bolsinga@apple.com>
14781 Merged TOT WebKit r48609.
14783 This brings over the Open Source change for
14784 ENABLE(ORIENTATION_EVENTS), and removes the previous
14785 portions that do not apply and fixes bugs.
14789 2009-09-16 Greg Bolsinga <bolsinga@apple.com>
14791 Merged TOT WebKit r48430.
14793 This basically brings over the Open Source change for
14794 ENABLE_INSPECTOR, and removes the previous portions
14795 that do not apply (FeatureDefines.xcconfig, build-webkit,
14796 and EXCLUDED_SOURCE_FILE_NAMES changes).
14798 * Configurations/FeatureDefines.xcconfig:
14801 2009-09-16 Greg Bolsinga <bolsinga@apple.com>
14803 Merged TOT WebKit r48429.
14805 This basically brings over the Open Source change for
14806 ENABLE_CONTEXT_MENUS, and removes the previous portions
14807 that do not apply (FeatureDefines.xcconfig, build-webkit,
14808 and EXCLUDED_SOURCE_FILE_NAMES changes).
14810 * Configurations/FeatureDefines.xcconfig:
14813 2009-09-16 Greg Bolsinga <bolsinga@apple.com>
14815 Fix a bad merge in the previous commit.
14819 2009-09-16 Greg Bolsinga <bolsinga@apple.com>
14821 Merged TOT WebKit r46437.
14823 This basically brings over the Open Source change for
14824 ENABLE_DRAG_SUPPORT, and removes the previous portions
14825 that do not apply (FeatureDefines.xcconfig, build-webkit,
14826 and EXCLUDED_SOURCE_FILE_NAMES changes).
14828 * Configurations/FeatureDefines.xcconfig:
14831 2009-09-11 Greg Bolsinga <bolsinga@apple.com>
14833 Reviewed by David Carson.
14835 <rdar://problem/6732593> Add ENABLE(CONTEXT_MENU)
14837 Set up defaults for ENABLE_CONTEXT_MENU (off for iPhone, on for Mac OS X)
14839 * Configurations/FeatureDefines.xcconfig:
14842 2009-09-11 Greg Bolsinga <bolsinga@apple.com>
14844 Reviewed by David Carson.
14846 <rdar://problem/6732599> Add ENABLE(DRAG_SUPPORT)
14848 Set up defaults for ENABLE_DRAG_SUPPORT (off for iPhone, on for Mac OS X)
14850 * Configurations/FeatureDefines.xcconfig:
14853 2009-09-10 Greg Bolsinga <bolsinga@apple.com>
14855 Reviewed by Cameron Zwarich.
14857 <rdar://problem/6732605> Add ENABLE(INSPECTOR)
14859 Set up defaults for ENABLE_INSPECTOR (off for iPhone, on for Mac OS X)
14861 * Configurations/FeatureDefines.xcconfig:
14864 2009-08-21 David Kilzer <ddkilzer@apple.com>
14866 <rdar://problem/7154895> Annotate WTF assertion methods to prevent false-positives from clang static analyzer
14868 Reviewed by David Carson.
14870 * wtf/Assertions.h: Added CLANG_ANALYZER_NORETURN macro
14871 definition. Added #include <stdbool.h> for definition of false
14873 (WTFReportAssertionFailure): Added CLANG_ANALYZER_NORETURN
14874 annotation to fix false-positives in ASSERT() macro.
14875 (WTFReportAssertionFailureWithMessage): Ditto for
14876 ASSERT_WITH_MESSAGE() macro.
14877 (WTFReportArgumentAssertionFailure): Ditto for ASSERT_ARG()
14879 (WTFReportFatalError): Ditto for FATAL() macro.
14881 2009-08-16 David Kilzer <ddkilzer@apple.com>
14883 Move #define _DONT_USE_CTYPE_INLINE_ to <wtf/DisallowCType.h>
14885 Reviewed by Greg Bolsinga.
14887 All source files fail to build for the iPhone OS SDK and the
14888 iPhone Simulator SDK unless _DONT_USE_CTYPE_INLINE_ is defined
14889 before including <ctype.h>. Instead of defining it in
14890 WebCorePrefix.h and WebKitPrefix.h, move the definition to
14891 DisallowCType.h since that header is already included in
14892 WebCore/config.h and WebKit/WebKitPrefix.h.
14894 * wtf/DisallowCType.h: Added #define _DONT_USE_CTYPE_INLINE_ for
14897 2009-08-11 David Carson <dacarson@apple.com>
14899 <rdar://problem/7125030> Reproducible assertion failure in JavaScriptCore with google maps
14901 Reviewed by Greg Bolsinga.
14903 Comment out ASSERTs as MobileSafari allocs on main thread and frees on Web thread.
14905 * wtf/CrossThreadRefCounted.h:
14909 2009-08-07 David Kilzer <ddkilzer@apple.com>
14911 <rdar://problem/7128246> Soft link MobileQuickLook only once
14913 Reviewed by Cameron Zwarich.
14915 * wtf/Platform.h: Added USE(MOBILE_QUICK_LOOK) macro.
14917 2009-08-02 David Kilzer <ddkilzer@apple.com>
14919 <rdar://problem/6907691> TLF: Merge Safari 4.0.3 SnowLeopard GM2 release (Rocket)
14921 Merged ToT WebKit r45764-r46452 on safari-4-branch (Safari Rocket branch).
14923 276 files changed, 4992 insertions(+), 3928 deletions(-)
14925 2009-08-02 David Kilzer <ddkilzer@apple.com>
14927 <rdar://problem/6907691> TLF: Merge Safari 4.0.3 SnowLeopard GM2 release (Rocket)
14929 Merged ToT WebKit r43832-r45704 on trunk (up to the Rocket branch point).
14931 3104 files changed, 429041 insertions(+), 273643 deletions(-)
14933 2009-07-23 David Kilzer <ddkilzer@apple.com>
14935 <rdar://problem/7082861> Eclair content isn't working after Jetstream merge
14937 Reviewed by Cameron Zwarich.
14939 * wtf/Platform.h: Define WTF_USE_ACCELERATED_COMPOSITING for
14940 PLATFORM(IPHONE). It's also currently defined in
14941 WebCore/config.h, but not in such a way as to enable it for
14942 iPhone WebKit, and the config.h definition will be removed in a
14945 2009-06-24 David Kilzer <ddkilzer@apple.com>
14947 <rdar://problem/6930369> Simulator should build with MACOSX_DEPLOYMENT_TARGET=10.5 on SnowLeopard
14949 Reviewed by Cameron Zwarich.
14951 * Configurations/DebugRelease.xcconfig: Set
14952 MACOSX_DEPLOYMENT_TARGET=10.5 when building for iphoneos and
14953 iphonesimulator platforms.
14955 2009-06-24 David Kilzer <ddkilzer@apple.com>
14957 Disable -Wmissing-prototypes when compiling for iphoneos
14959 Reviewed by Cameron Zwarich.
14961 This is a workaround for: <rdar://problem/6930844> SnowLeopard+Kirkwood: cc1plus: warning: command line option "-Wmissing-prototypes" is valid for C/ObjC but not for C++
14963 * Configurations/Base.xcconfig: Disable -Wmissing-prototypes
14964 when compiling for iphoneos.
14966 2009-06-18 David Kilzer <ddkilzer@apple.com>
14968 <rdar://problem/6954277> JavaScriptCore-525 fails to build in Wildcat
14970 Reviewed by David Carson.
14972 * wtf/FastMalloc.cpp:
14973 (WTF::TCMallocStats::): The CoreOS changes to
14974 malloc_introspection_t have been merged into Northstar+1, so
14975 change the macro test accordingly.
14977 2009-06-03 David Kilzer <ddkilzer@apple.com>
14979 <rdar://problem/6830711> JavascriptCore fails to verify when built armv5
14981 Patch by Anthony O'Blennis Yvanovich. Reviewed by David Kilzer.
14983 * Configurations/Base.xcconfig: Added
14984 GCC_GENERATE_DEBUGGING_SYMBOLS_armv5.
14985 * Configurations/JavaScriptCore.xcconfig: Added
14986 EXPORTED_SYMBOLS_FILE_armv5.
14988 2009-06-01 Cameron Zwarich <zwarich@apple.com>
14990 Reviewed by David Kilzer.
14992 <rdar://problem/6888365> CrashTracer: [USER] 1 crash in MobileSafari at WebCore • WebCore::JSEventTargetNode::getOwnPropertySlot + 9
14994 When using WebKit in threaded mode on iPhone, JavaScriptCore runs in the
14995 web thread, which is a secondary thread and thus has 512 kb of stack space
14996 by default. The relatively low amount of stack space was causing stack
14997 overflows when approaching the JavaScriptCore reentrancy limit. The solution
14998 is to simultaneously decrease the reentrancy limit while increasing the
14999 amount of stack space available for the web thread.
15001 * interpreter/Interpreter.h: decrease the reentrancy limit from 128 to
15002 100. I have never seen an actual web page that requires a limit higher
15003 than 65, but the Celtic Kane benchmark requires a limit of 94, at least
15004 with our current implementation of certain runtime methods. While this
15005 benchmark is completely stupid, it is still important that we are able
15008 2009-05-23 David Kilzer <ddkilzer@apple.com>
15010 <rdar://problem/6917404> JavaScriptCore_Sim fails to build in Apex
15012 Since the iPhone Simulator is currently built on Leopard (not
15013 SnowLeopard), we must exclude the malloc_introspection_t fix
15014 when building JavaScriptCore_Sim for Apex.
15016 * wtf/FastMalloc.cpp:
15017 (WTF::jscore_fastmalloc_introspection): Added check for
15018 !PLATFORM(IPHONE_SIMULATOR) when building on Apex or newer.
15020 2009-05-21 Cameron Zwarich <zwarich@apple.com>
15022 Reviewed by David Kilzer.
15024 I wanted to merge our change to tag TCMalloc memory, but Mark Rowe
15025 informed me that this is pointless, because TCMalloc has its own
15026 MallocZone and vmmap only needs tags to distinguish between
15027 allocations if they are not associated with a zone.
15029 * wtf/TCSystemAlloc.cpp: remove mmapFileDescriptor.
15030 (TryMMap): pass -1 to mmap instead of mmapFileDescriptor, matching
15032 (TCMalloc_SystemRelease): ditto.
15034 2009-05-21 David Kilzer <ddkilzer@apple.com>
15036 <rdar://problem/6912575> iPhone: REGRESSION: cached DOM global object property access fails in browser (25921)
15038 Merged ToT WebKit r44016.
15040 2009-05-21 Oliver Hunt <oliver@apple.com>
15042 Reviewed by Maciej Stachowiak.
15044 <rdar://problem/6910264> REGRESSION: Cached DOM global object property access fails in browser (25921)
15045 <https://bugs.webkit.org/show_bug.cgi?id=25921>
15047 When caching properties on the global object we need to ensure that we're
15048 not attempting to cache through a shell object.
15050 * interpreter/Interpreter.cpp:
15051 (JSC::Interpreter::resolveGlobal):
15052 * jit/JITStubs.cpp:
15053 (JSC::JITStubs::cti_op_resolve_global):
15055 2009-05-21 David Kilzer <ddkilzer@apple.com>
15057 <rdar://problem/6886808> JavaScriptCore fails to build in RacerFive
15059 Merged ToT WebKit r41023.
15061 2009-02-16 Mark Rowe <mrowe@apple.com>
15065 * wtf/FastMalloc.cpp:
15066 (WTF::TCMallocStats::):
15067 (WTF::TCMallocStats::FastMallocZone::FastMallocZone):
15069 2009-05-03 Antti Koivisto <antti@apple.com>
15071 Reviewed by David Carson.
15073 <rdar://problem/6850915> REGRESSION (SUTimberline): Reduce the size of the FastMalloc thread cache (from 6410061)
15075 Merge back r73166 from SUTimberline.
15077 --- Submission Information ---
15079 - Risk details: Changes constant back to SUTimberline value.
15080 - Code reviewed by: David Carson.
15081 - Testing details: Tested that a rerun of a short session
15082 (google->nytimes->wsj->google) produces 1MB difference in
15083 FastMalloc dirty pages. Verified basic browsing was
15086 * wtf/FastMalloc.cpp: Changed thread cache size from 2MB to 0.5MB.
15088 2009-04-30 David Kilzer <ddkilzer@apple.com>
15090 <rdar://problem/6842050> MERGE: Javascript, ParseInt and Negative value
15092 Merged ToT WebKit r42607.
15094 --- Submission Information ---
15096 - Risk details: Fixed parsing of negative integer values.
15097 - Code reviewed by: Oliver Hunt.
15098 - Testing details: Ran javascriptcore and layout tests.
15099 Verified basic browsing was unaffected.
15101 2009-04-08 Mihnea Ovidenie <mihnea@adobe.com>
15103 Reviewed by Oliver Hunt.
15105 Bug 25027: JavaScript parseInt wrong on negative numbers
15106 <https://bugs.webkit.org/show_bug.cgi?id=25027>
15108 When dealing with negative numbers, parseInt should use ceil instead of floor.
15110 * runtime/JSGlobalObjectFunctions.cpp:
15111 (JSC::globalFuncParseInt):
15113 2009-04-29 David Kilzer <ddkilzer@apple.com>
15115 <rdar://problem/6015733> iPhone: UString::expandCapacity called with addition as parameter, that could overflow
15117 Merged ToT WebKit r42988.
15119 --- Submission Information ---
15121 - Risk details: Updated integer overflow check.
15122 - Code reviewed by: Maciej Stachowiak.
15123 - Testing details: Ran javascriptcore and layout tests.
15124 Verified basic browsing was unaffected.
15126 2009-04-28 David Kilzer <ddkilzer@apple.com>
15128 A little more hardening for UString
15130 Reviewed by Maciej Stachowiak.
15132 Revised fix for <rdar://problem/5861045> in r42644.
15134 * runtime/UString.cpp:
15135 (JSC::newCapacityWithOverflowCheck): Added.
15136 (JSC::concatenate): Used newCapacityWithOverflowCheck().
15137 (JSC::UString::append): Ditto.
15139 2009-04-29 David Kilzer <ddkilzer@apple.com>
15141 <rdar://problem/6836543> Build system issues with ENABLE_RESPECT_EXIF_ORIENTATION
15143 Reviewed by Greg Bolsinga.
15145 --- Submission Information ---
15147 - Risk details: Removed unneeded FEATURE_DEFINES from *.xcconfig
15148 files and build-webkit. Does not affect B&I builds.
15149 - Code reviewed by: Greg Bolsinga.
15150 - Testing details: Built Development and Deployment_Hardware
15151 configurations using build-webkit.
15153 * Configurations/JavaScriptCore.xcconfig: Removed unneeded
15154 ENABLE_RESPECT_EXIF_ORIENTATION from FEATURE_DEFINES.
15156 2009-04-28 Greg Bolsinga <bolsinga@apple.com>
15158 <rdar://problem/6832549> REGR: Canvas is busted
15159 --- Submission Information ---
15160 - Risk level: Medium
15161 - Risk details: Images could still be screwed up somehow in a way not yet found.
15162 - Code reviewed by: David Kilzer
15163 - Testing details: The canvas example in the bug and photos copied from Photos to Mail to verify the bug that broke canvas still works.
15165 * Configurations/JavaScriptCore.xcconfig:
15167 Add ENABLE_RESPECT_EXIF_ORIENTATION where needed.
15169 2009-04-20 David Kilzer <ddkilzer@apple.com>
15171 <rdar://problem/6015744> iPhone: Integer overflow in JSStringCreateWithCFString
15173 Merged ToT WebKit r42659, r42662.
15175 --- Submission Information ---
15177 - Risk details: Added sanity check to prevent integer overflow.
15178 - Code reviewed by: Dan Bernstein and Darin Adler. Patch by Sam Weinig.
15179 - Testing details: Ran layout tests. Verified basic browsing
15182 2009-04-19 Sam Weinig <sam@webkit.org>
15184 Reviewed by Darin Adler.
15186 Better fix for JSStringCreateWithCFString hardening.
15188 * API/JSStringRefCF.cpp:
15189 (JSStringCreateWithCFString):
15191 2009-04-19 Sam Weinig <sam@webkit.org>
15193 Reviewed by Dan Bernstein.
15195 Fix for <rdar://problem/5860954>
15196 Harden JSStringCreateWithCFString against malformed CFStringRefs.
15198 * API/JSStringRefCF.cpp:
15199 (JSStringCreateWithCFString):
15201 2009-04-18 David Kilzer <ddkilzer@apple.com>
15203 <rdar://problem/6015733> iPhone: UString::expandCapacity called with addition as parameter, that could overflow
15205 Merged ToT WebKit r42644.
15207 --- Submission Information ---
15209 - Risk details: Added sanity checks to prevent integer overflow exploits.
15210 - Code reviewed by: Mark Rowe. Patch by Sam Weinig.
15211 - Testing details: Ran layout tests. Verified basic browsing
15214 2009-04-18 Sam Weinig <sam@webkit.org>
15216 Reviewed by Mark Rowe.
15218 Fix for <rdar://problem/5861045>
15219 A little bit of hardening for UString.
15221 * runtime/UString.cpp:
15222 (JSC::concatenate):
15223 (JSC::UString::append):
15225 2009-04-18 David Kilzer <ddkilzer@apple.com>
15227 <rdar://problem/6015721> iPhone: Integer overflow (m_size + dataSize) in wtf::Vector::append
15229 Merged ToT WebKit r42643.
15231 --- Submission Information ---
15233 - Risk details: Added sanity check to prevent integer overflow exploits.
15234 - Code reviewed by: Mark Rowe and Dan Bernstein. Patch by Sam Weinig.
15235 - Testing details: Ran layout tests. Verified basic browsing
15238 2009-04-18 Sam Weinig <sam@webkit.org>
15240 Reviewed by Mark Rowe and Dan Bernstein.
15242 Fix for <rdar://problem/5861188>
15243 A little bit of hardening for Vector.
15246 (WTF::Vector<T, inlineCapacity>::append):
15247 (WTF::Vector<T, inlineCapacity>::insert):
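The UString entries above (newCapacityWithOverflowCheck() used by concatenate() and UString::append(), and the expandCapacity() overflow) and the Vector entry just above (the m_size + dataSize sum in Vector::append()) describe the same class of fix: a length or capacity computation must be checked before its result is used to size an allocation or a copy. The following is an added example written for this page, not WebKit's own code. The names SafeByteBuffer, checkedAdd, naiveNewSize, kMaxCapacity and the 1.5x growth policy are assumptions chosen for illustration; naiveNewSize shows the unchecked "before" form next to the checked one.

```cpp
// Added example, not JavaScriptCore code: overflow-checked growth for an
// append-style buffer. Names and the 1.5x growth policy are assumptions.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Assumed ceiling on element count so that the growth arithmetic below, and
// any later capacity * sizeof(element) product, cannot wrap.
constexpr size_t kMaxCapacity = std::numeric_limits<size_t>::max() / 2;

// Checked addition for the m_size + dataSize style of length computation:
// returns false instead of letting the sum wrap to a small value.
inline bool checkedAdd(size_t a, size_t b, size_t& out)
{
    if (a > std::numeric_limits<size_t>::max() - b)
        return false;
    out = a + b;
    return true;
}

// Unchecked "before" form: a hostile dataSize wraps the sum, so a later
// allocation is far smaller than the copy that follows it.
inline size_t naiveNewSize(size_t size, size_t dataSize)
{
    return size + dataSize;
}

// Grow `current` capacity to hold `required` elements, or fail if the request
// cannot be honoured without wrapping. `current` never exceeds kMaxCapacity,
// so current + current / 2 cannot wrap.
inline bool newCapacityWithOverflowCheck(size_t current, size_t required, size_t& out)
{
    if (required > kMaxCapacity)
        return false;
    size_t grown = current + current / 2;
    size_t capacity = grown > required ? grown : required;
    out = capacity > kMaxCapacity ? kMaxCapacity : capacity;
    return true;
}

class SafeByteBuffer {
public:
    // Append dataSize bytes; returns false (buffer unchanged) on overflow.
    bool append(const uint8_t* data, size_t dataSize)
    {
        size_t newSize;
        if (!checkedAdd(m_bytes.size(), dataSize, newSize))
            return false;
        if (newSize > m_bytes.capacity()) {
            size_t capacity;
            if (!newCapacityWithOverflowCheck(m_bytes.capacity(), newSize, capacity))
                return false;
            m_bytes.reserve(capacity);
        }
        m_bytes.insert(m_bytes.end(), data, data + dataSize);
        return true;
    }
    size_t size() const { return m_bytes.size(); }
    size_t capacity() const { return m_bytes.capacity(); }

private:
    std::vector<uint8_t> m_bytes;
};

int main()
{
    // Constructed sample input.
    const uint8_t payload[4] = { 0xde, 0xad, 0xbe, 0xef };
    SafeByteBuffer buffer;
    bool ok = buffer.append(payload, sizeof(payload));
    // A request whose length would wrap is refused rather than truncated.
    bool rejected = !buffer.append(payload, std::numeric_limits<size_t>::max());
    std::printf("append ok=%d rejected=%d size=%zu naive wrapped sum=%zu\n",
                ok, rejected, buffer.size(),
                naiveNewSize(10, std::numeric_limits<size_t>::max()));
    return ok && rejected ? 0 : 1;
}
```

The check is placed before any allocation or copy, so a rejected append leaves the buffer untouched; the caller decides whether to fail loudly or throw, which is the policy decision the ChangeLog entries leave to the callers of UString and Vector.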
15249 2009-04-17 David Carson <dacarson@apple.com>
15251 Reviewed by David Kilzer, Richard Williamson.
15253 <rdar://problem/6674885> Pasted image from Camera album is rotated
15255 Read the orientation from the image data and make it available to
15256 the drawing code. When drawing the image, orientate the image
15257 according to the EXIF orientation code.
15258 This patch is a copy of the patch attached to WebKit bug:
15259 https://bugs.webkit.org/show_bug.cgi?id=19688
15261 --- Submission Information ---
15263 - Risk details: Web sites could have mis-matched orientation
15264 data. Though, I could not find any such site.
15265 - Code reviewed by: David Kilzer, Richard Williamson
15266 - Testing details: Tested pasting images into mail that
15267 were taken with the iPhone camera. Tested photo sites
15268 flickr.com, picasaweb.google.com and MobileMe.
15271 Turn on ENABLE_RESPECT_EXIF_ORIENTATION
15273 2009-04-17 Drew Wilson <amw@apple.com>
15275 Reviewed by Dan Bernstein, Debbie Goldsmith, Brad Moore.
15278 * wtf/unicode/icu/UnicodeIcu.h:
15279 (WTF::Unicode::hasLineBreakingPropertyComplexContextOrIdeographic):
15281 2009-04-08 David Kilzer <ddkilzer@apple.com>
15283 <rdar://problem/6718589> Turn off SVG DOM Objective-C bindings in WebCore and WebKit
15285 Merged ToT WebKit r42345.
15287 --- Submission Information ---
15288 - Risk level: Medium
15289 - Risk details: Disabling a feature that has been present since
15290 BigBear (iPhone OS 2.0).
15291 - Code reviewed by: Darin Adler and Maciej Stachowiak.
15292 - Testing details: Built Development, Deployment,
15293 Development_Hardware and Deployment_Hardware configurations of
15294 JavaScriptCore, WebCore and WebKit. Verified basic browsing
15297 2009-04-08 David Kilzer <ddkilzer@apple.com>
15299 <rdar://problem/6718589> Option to turn off SVG DOM Objective-C bindings
15301 Reviewed by Darin Adler and Maciej Stachowiak.
15303 Introduce the ENABLE_SVG_DOM_OBJC_BINDINGS feature define so
15304 that SVG DOM Objective-C bindings may be optionally disabled.
15306 * Configurations/JavaScriptCore.xcconfig: Added
15307 ENABLE_SVG_DOM_OBJC_BINDINGS variable and use it in
15310 2009-04-03 David Kilzer <ddkilzer@apple.com>
15312 <rdar://problem/6511168> MERGE: iPhone: Thai text selection in Safari is incorrect
15314 Merged ToT WebKit r41607.
15316 2009-03-11 Dan Bernstein <mitz@apple.com>
15318 Reviewed by Darin Adler.
15320 - WTF support for fixing <rdar://problem/3919124> Thai text selection
15321 in Safari is incorrect
15323 * wtf/unicode/icu/UnicodeIcu.h:
15324 (WTF::Unicode::hasLineBreakingPropertyComplexContext): Added. Returns
15325 whether the character has Unicode line breaking property value SA
15326 ("Complex Context").
15327 * wtf/unicode/qt4/UnicodeQt4.h:
15328 (WTF::Unicode::hasLineBreakingPropertyComplexContext): Added an
15329 implementation that always returns false.
15331 2009-04-02 David Kilzer <ddkilzer@apple.com>
15333 <rdar://problem/6746155> WebCore and WebKit Development_Hardware ARCHS seems wrong.
15335 Reviewed by Simon Fraser.
15337 This change only affects local Development[_Hardware] and
15338 Deployment[_Hardware] builds using Xcode, whose configurations
15339 are based on DebugRelease.xcconfig.
15341 * Configurations/DebugRelease.xcconfig: Simplified ARCHS value
15342 and used $(ARCHS_STANDARD_32_BIT) for iphoneos platform instead
15343 of hard-coding "armv6".
15345 2009-04-01 Greg Bolsinga <bolsinga@apple.com>
15347 Reviewed by David Kilzer.
15349 <rdar://problem/6746296> Update order file for JavaScriptCore
15351 * Configurations/Base.xcconfig:
15352 * JavaScriptCore.iPhone.order: Added.
15354 2009-04-01 Greg Bolsinga <bolsinga@apple.com>
15356 Bring over https://bugs.webkit.org/show_bug.cgi?id=24990
15358 Reviewed by David Kilzer
15360 2009-04-01 Greg Bolsinga <bolsinga@apple.com>
15362 Reviewed by Mark Rowe.
15364 https://bugs.webkit.org/show_bug.cgi?id=24990
15365 Put SECTORDER_FLAGS into xcconfig files.
15367 * Configurations/Base.xcconfig:
15368 * Configurations/DebugRelease.xcconfig:
15370 2009-03-29 David Kilzer <ddkilzer@apple.com>
15372 Bug 23676: Speed up uses of reserveCapacity on new vectors by adding a new reserveInitialCapacity
15374 <https://bugs.webkit.org/show_bug.cgi?id=23676>
15376 Merged ToT WebKit r40501. Needed to fix <rdar://problem/6733652>.
15378 2009-02-02 Darin Adler <darin@apple.com>
15380 Reviewed by Dave Hyatt.
15382 Bug 23676: Speed up uses of reserveCapacity on new vectors by adding a new reserveInitialCapacity
15383 https://bugs.webkit.org/show_bug.cgi?id=23676
15385 * API/JSObjectRef.cpp:
15386 (JSObjectCopyPropertyNames): Use reserveInitialCapacity.
15387 * parser/Lexer.cpp:
15388 (JSC::Lexer::Lexer): Ditto.
15389 (JSC::Lexer::clear): Ditto.
15391 * wtf/Vector.h: Added reserveInitialCapacity, a more efficient version of
15392 reserveCapacity for use when the vector is brand new (still size 0 with no
15393 capacity other than the inline capacity).
15395 2009-03-23 David Kilzer <ddkilzer@apple.com>
15397 <rdar://problem/6712454> Fix JavaScript function compatibility issues
15399 Merged ToT WebKit r41851 and r41895.
15401 Note that the testapi.c changes were not merged with r41895.
15403 2009-03-21 Oliver Hunt <oliver@apple.com>
15405 Reviewed by Cameron Zwarich.
15407 Ensure that JSObjectMakeFunction doesn't produce incorrect line numbers.
15409 Also make test api correctly propagate failures.
15411 * API/tests/testapi.c:
15413 * runtime/FunctionConstructor.cpp:
15414 (JSC::constructFunction):
15416 2009-03-19 Cameron Zwarich <cwzwarich@uwaterloo.ca>
15418 Reviewed by Oliver Hunt.
15420 Bug 24350: REGRESSION: Safari 4 breaks SPAW wysiwyg editor multiple instances
15421 <https://bugs.webkit.org/show_bug.cgi?id=24350>
15422 <rdar://problem/6674182>
15424 The SPAW editor's JavaScript assumes that toString() on a function
15425 constructed with the Function constructor produces a function with
15426 a newline after the opening brace.
15428 * runtime/FunctionConstructor.cpp:
15429 (JSC::constructFunction): Add a newline after the opening brace of the
15430 function's source code.
15432 2009-03-23 David Kilzer <ddkilzer@apple.com>
15434 <rdar://problem/6464366> REGRESSION: Fix Debug Console message printed for slow script (10 second) timeout
15436 Merged ToT WebKit r41912.
15438 2009-03-23 David Kilzer <ddkilzer@apple.com>
15440 Provide JavaScript exception information after slow script timeout
15442 Reviewed by Oliver Hunt.
15444 * runtime/Completion.cpp:
15445 (JSC::evaluate): Set the exception object as the Completion
15446 object's value for slow script timeouts. This is used in
15447 WebCore when reporting the exception.
15448 * runtime/ExceptionHelpers.cpp:
15449 (JSC::InterruptedExecutionError::toString): Added. Provides a
15450 description message for the exception when it is reported.
15452 2009-03-21 David Kilzer <ddkilzer@apple.com>
15454 <rdar://problem/6708484> iPhone: REGRESSION (Safari 4): regular expression pattern size limit lower than Safari 3.2, other browsers, breaks SAP (14873)
15456 Merged ToT WebKit r41842.
15458 2009-03-19 Geoffrey Garen <ggaren@apple.com>
15460 Reviewed by Sam Weinig.
15462 Fixed <rdar://problem/6603562> REGRESSION (Safari 4): regular expression
15463 pattern size limit lower than Safari 3.2, other browsers, breaks SAP (14873)
15465 Bumped the pattern size limit to 1MB, and standardized it between PCRE
15466 and WREC. (Empirical testing says that we can easily compile a 1MB regular
15467 expression without risking a hang. Other browsers support bigger regular
15468 expressions, but also hang.)
15470 SunSpider reports no change.
15472 I started with a patch posted to Bugzilla by Erik Corry (erikcorry@google.com).
15474 * pcre/pcre_internal.h:
15477 (put3ByteValueAndAdvance):
15478 (putLinkValueAllowZero):
15479 (getLinkValueAllowZero): Made PCRE's "LINK_SIZE" (the number of bytes
15480 used to record jumps between bytecodes) 3, to accommodate larger potential
15481 jumps. Bumped PCRE's "MAX_PATTERN_SIZE" to 1MB. (Technically, at this
15482 LINK_SIZE, we can support even larger patterns, but we risk a hang during
15483 compilation, and it's not clear that such large patterns are important
15487 (JSC::WREC::Generator::compileRegExp): Match PCRE's maximum pattern size,
15488 to avoid quirks between platforms.
15490 2009-03-20 David Kilzer <ddkilzer@apple.com>
15492 <rdar://problem/6696219> iPhone: REGRESSION (Safari 4): Incorrect function return value when using IE "try ... finally" memory leak work-around (24654)
15494 Merged ToT WebKit r41806.
15496 2009-03-17 Oliver Hunt <oliver@apple.com>
15498 Reviewed by Cameron Zwarich.
15500 <rdar://problem/6692138> REGRESSION (Safari 4): Incorrect function return value when using IE "try ... finally" memory leak work-around (24654)
15501 <https://bugs.webkit.org/show_bug.cgi?id=24654>
15503 If the return value for a function is in a local register we need
15504 to copy it before executing any finalisers, otherwise it is possible
15505 for the finaliser to clobber the result.
15507 * bytecompiler/BytecodeGenerator.h:
15508 (JSC::BytecodeGenerator::hasFinaliser):
15509 * parser/Nodes.cpp:
15510 (JSC::ReturnNode::emitBytecode):
15512 2009-03-20 David Kilzer <ddkilzer@apple.com>
15514 <rdar://problem/6033956> iPhone: integer overflow and lack of null check in KJS::Collector::heapAllocate
15516 Merged ToT WebKit r41854.
15518 2009-03-19 Geoffrey Garen <ggaren@apple.com>
15520 Reviewed by Oliver Hunt.
15522 Fixed <rdar://problem/6033712> -- a little bit of hardening in the Collector.
15524 SunSpider reports no change. I also verified in the disassembly that
15525 we end up with a single compare to constant.
15527 * runtime/Collector.cpp:
15528 (JSC::Heap::heapAllocate):
15530 2009-03-15 David Kilzer <ddkilzer@apple.com>
15532 <rdar://problem/6666796> iPhone: REGRESSION (r38635): Single line JavaScript comment prevents HTML button click handler execution (24291)
15534 Merged ToT WebKit r41565.
15536 2009-03-10 Cameron Zwarich <cwzwarich@uwaterloo.ca>
15538 Reviewed by Geoff Garen.
15540 Bug 24291: REGRESSION (r38635): Single line JavaScript comment prevents HTML button click handler execution
15541 <https://bugs.webkit.org/show_bug.cgi?id=24291>
15542 <rdar://problem/6663472>
15544 Add an extra newline to the end of the body of the program text constructed
15545 by the Function constructor for parsing. This allows single line comments to
15546 be handled correctly by the parser.
15548 * runtime/FunctionConstructor.cpp:
15549 (JSC::constructFunction):
15551 2009-03-15 David Kilzer <ddkilzer@apple.com>
15553 <rdar://problem/6586232> Merge commits on Safari Hurricane branch
15555 Merged ToT Safari Hurricane branch (webkit/branches/Safari-6528)
15556 through r41575 on the branch.
15558 278 files changed, 26981 insertions(+), 16358 deletions(-)
15560 2009-03-05 Antti Koivisto <antti@apple.com>
15562 Reviewed by Dave Hyatt.
15564 <rdar://problem/6591072> REGRESSION: Bring back repaint throttling during page loading
15566 Integrate r41431 from the open source TOT.
15568 Enable it for the phone.
15572 2009-03-05 David Kilzer <ddkilzer@apple.com>
15574 <rdar://problem/6645446> JavaScriptCore and WebCore should compile with -Wshorten-64-to-32
15576 Reviewed by David Carson.
15578 * Configurations/Base.xcconfig: Added -Wshorten-64-to-32 to
15579 iphoneos and iphonesimulator builds. No other code changes
15582 2009-03-04 David Kilzer <ddkilzer@apple.com>
15584 <rdar://problem/6571915> WebKit-333 doesn't install complete headers during installhdrs
15586 Merged ToT WebKit r41417.
15588 * Configurations/Base.xcconfig: Switched from PLATFORM_NAME to
15589 REAL_PLATFORM_NAME in iPhone-only variables.
15590 * Configurations/DebugRelease.xcconfig: Ditto.
15591 * Configurations/JavaScriptCore.xcconfig: Ditto.
15593 2009-03-03 David Kilzer <ddkilzer@apple.com>
15595 <rdar://problem/6581203> WebCore and WebKit should install the same set of headers during installhdrs phase as build phase
15597 Reviewed by Mark Rowe.
15599 * Configurations/Base.xcconfig: Defined REAL_PLATFORM_NAME based
15600 on PLATFORM_NAME to work around the missing definition on Tiger.
15601 Updated HAVE_DTRACE to use REAL_PLATFORM_NAME.
15603 2009-03-01 David Kilzer <ddkilzer@apple.com>
15605 <rdar://problem/6580941> webkit can enable dtrace probes
15607 Merged ToT WebKit r41350.
15609 * Configurations/Base.xcconfig: Added line for iphoneos to
15610 enable dtrace probes. Added line for iphonesimulator to
15611 disable dtrace probes based on Leopard issue.
15613 2009-03-01 David Kilzer <ddkilzer@apple.com>
15615 <rdar://problem/6635688> Move HAVE_DTRACE check to Base.xcconfig
15617 Reviewed by Mark Rowe.
15619 * Configurations/Base.xcconfig: Set HAVE_DTRACE Xcode variable
15620 based on PLATFORM_NAME and MAC_OS_X_VERSION_MAJOR. Also define
15621 it as a preprocessor macro by modifying
15622 GCC_PREPROCESSOR_DEFINITIONS.
15623 * JavaScriptCore.xcodeproj/project.pbxproj: Changed "Generate
15624 DTrace header" script phase to check for HAVE_DTRACE instead of
15625 MACOSX_DEPLOYMENT_TARGET.
15626 * wtf/Platform.h: Removed definition of HAVE_DTRACE macro since
15627 it's defined in Base.xcconfig now.
15629 2009-03-01 David Kilzer <ddkilzer@apple.com>
15631 <rdar://problem/6548277> Project setting default to Xcode 2.4; need to change to Xcode 3.1
15633 Reviewed by Andre Boule.
15635 * JavaScriptCore.xcodeproj/project.pbxproj: Switched
15636 compatibilityVersion from "Xcode 2.4" to "Xcode 3.1".
15638 2009-03-01 David Kilzer <ddkilzer@apple.com>
15640 <rdar://problem/6217293> WebKit projects get warning when building with BlackOpal
15642 Reviewed by Scott Goodson.
15644 * JavaScriptCore.xcodeproj/project.pbxproj: Changed productType
15645 back to the non-shallow version.